One of the main routes of malware infection is through office documents. They are a very potent infection vector, especially in targeted attacks and phishing campaigns.
These documents are crafted to carry hidden macros, OLE objects, executables, etc., which, once the user opens the document, carry out a series of malicious actions to obtain information for profit or simply to damage the system. Generally, this type of generic malware downloads other malware from the Internet (droppers), exploits system vulnerabilities, copies itself to ensure it persists on the system, exfiltrates user information, etc.
A very useful tool for analyzing and detecting anomalous patterns in office documents is the “OfficeMalScanner” suite, which you can download from the author’s website, http://www.reconstructer.org/.
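A minimal static triage for the payload types listed above (macros, OLE objects, embedded executables), as an added example that is not part of the original post and is not OfficeMalScanner code. The names `find_pe`, `triage` and `build_sample` are hypothetical, and the sample document is constructed and inert.

```python
import io
import struct
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name as stored in an OLE2 directory
MAX_PART = 32 * 1024 * 1024                      # skip oversized ZIP members (decompression bombs)

def find_pe(data):
    """Offsets of 'MZ' headers whose e_lfanew field points at a 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if 0x40 <= e_lfanew < 0x1000 and data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def triage(data):
    """Static triage only: nothing in the document is executed or rendered."""
    report = {"container": "unknown", "macros": False, "ole_objects": [], "pe_hits": []}
    if data.startswith(OLE2_MAGIC):
        report["container"] = "ole2"
        report["macros"] = VBA_STREAM in data      # heuristic string match, not a full parse
        report["pe_hits"] = [("<file>", off) for off in find_pe(data)]
    elif zipfile.is_zipfile(io.BytesIO(data)):     # ZIP-based (OOXML) document
        report["container"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.lower().endswith("vbaproject.bin"):
                    report["macros"] = True        # macro project part is present
                if "/embeddings/" in name.lower():
                    report["ole_objects"].append(name)
                if info.file_size <= MAX_PART:
                    report["pe_hits"] += [(name, off) for off in find_pe(zf.read(name))]
    return report

def build_sample():
    """Constructed, inert sample: a ZIP shaped like a .docm with a fake PE header stub."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"constructed placeholder")
        zf.writestr("word/embeddings/oleObject1.bin", b"\0" * 16 + stub)
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample()))
```

A hit from this check is a reason to send the file for deeper analysis, not a verdict: macros and embedded objects also appear in legitimate documents, and encoded or obfuscated payloads will not match a plain signature scan.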