said by Trel: said by Name Game:
Your premise is that all users and their OS or their Browser is locked down tight and all updated to the current security fixes that have been recently updated no matter what OS's are installed and the all are running win7 and all the third party apps and programs like java..adobe..ect are also patched for their exploits and buffer overflows...but that is not the real world.
edit: reply to Trel
To be fair though, most moderns OS's auto-update, and the same type of person who clicks on links emails and saves and runs attachments, are likely the same people who will click yes when the update prompts for Firefox or Flash or Java come out now too.
The other link posted which I replied to specifically said the program was transmitted through Skype as a program with a Facebook icon, which means they DID run something and didn't just click a link.
In almost all cases, there's additional interaction beyond just clicking a link in an email. Be that installing a browser addon/plugin, or saving and running something.
Yes, the seemingly endless onslaught of cyber crime continues, this time via the innocent e-card that which once was a nice surprise in the Inbox has become a gate to identity theft. Exploit Prevention Labs in Atlanta, GA reported in September that company researchers have discovered a scam in which e-cards are used to install keylogger software on the victims computer. The scam, which was executed by an Australian cyber criminal ring and is known as MDAC, involves sending to the user an e-card that appears to originate from a major online greeting card service. When the user clicks on the hyperlink to open the card, the browser is redirected to a exploit server, which checks to see if the computer has been updated with the latest security patches. If it hasnt, the server installs a rootkit and keylogger, then redirects the computer on to an actual e-card.
The user continues working on the computer, likely forgetting about the e-card. But from that point on, all keystrokes are being recorded and accessed by the attackers for use in identity theft.
Article Source: »EzineArticles.com/372061--
Gladiator Security Forum