Hackers exploit IE bug with 'insidious' Word docs