Botnets often play important roles in malware distribution schemes. In a typical scenario, an attacker uses bots to send spam messages that contain links to malware, which itself is often hosted by the botnet. The messages use social engineering techniques to convince recipients to click the links, such as disguising the message as a news digest with provocative-sounding fake headlines, or as a message from a friend purporting to offer a link to an embarrassing photo of the recipient. The malware is either offered for download directly, as a disguised executable file, or is hosted on a webpage that includes exploits that are designed to use specific browser vulnerabilities to secretly install malware on visitors' computers (a tactic sometimes called drive-by downloading). For more information, see Analysis of Drive-By Download Pages in the Reference Guide section.
One example of a drive-by download attack
Occasionally an attacker sends malware directly to recipients as a file attachment, although most popular email programs and services block users from downloading actual or suspected malicious files. (See "Email Threats" in the Reference Guide section of the Security Intelligence Report website for more information.)