You didn’t make it clear in your blog, so I’m going based on what I’ve read on other sites:
1. You get an email with a zip file attached.
2. You have to open the zip file and in there is an executable file.
3. You then have to run the executable file.
4. Finally, you have to elevate the permissions on the executable file.
Is that about right or did I miss something?
What I don’t understand is why malware authors require users to go through so many steps in order to get infected with this stuff. Since we are constantly told that Windows has Swiss cheese security, why don’t these malware authors simply use one of the millions of easy ways out there to automatically gain admin rights on these Windows machines?
Or is it possible we’ve all been lied to regarding how easy it is to infect a Windows machine?
Article source: http://www.zdnet.com/blog/security/spamvertised-dhl-tracking-notification-emails-serve-malware/10983