I think it's RTF because that format does not offer any option yet to embed a malicious payload.
No doubt Microsoft is already working hard on corrupting correcting the standard so it can.
Not a member of The Register?
Create a new account
Remember me on this computer?
The Register Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023