One of the methods that SoBig employed to spread was
social engineering. In other words, it got the user to "open" an e-mail attachment rather than exploiting a vulnerability and running itself. (Unlike the Swen worm which runs if you open or preview the message with Outlook.)
CERT.org has a decent article explaining the hazards of (and precautions for) reading e-mail with attachments.
No comments:
Post a Comment