This is a pretty good account of the now-famous Word 0-day attack on the "unnamed" government agency.... enjoy.
SANS - Internet Storm Center - Cooperative Cyber Threat Monitor And Alert System: "That user detected an email coming in that originated from a domain that looked like their own, but wasn't their own (actually only had an MX record in it). The email was written to look like an internal email, including signature. It was addressed by name to the intended victim and not detected by the anti-virus software. "
Also, dailydave has some fun discussion about it titled (he-he!) 'We got owned by the Chinese and didn't even get a "lessons learned"'