Some malware families often use spam campaigns as a method of distribution. Usually they deploy simple social engineering tricks trying to deliver packed executable in disguise of a document. But even if it was a real document, it doesnt mean that it is harmless. In this post we will reveal the true mission of a DOC file delivered in a spam. The file comes with 4 VB modules (streams: 7,8,9,10) This is the point, where we can expect some illegitimate functionalities macros can potentially deploy malicious actions.”]
Source: https://blog.malwarebytes.com/threat-analysis/2015/10/beware-of-doc-a-look-on-malicious-macros/