My previous blog entry on the OpenOffice malware BadBunny-A and the subsequent press release caused quite a lot of interest; however, the only flaw exploited by this (and the majority of malware) is the one that sits between the keyboard and the chair.
Malware authors, spammers, phishers and hackers are always targeting the user in one way or another. Either with the lure of cheap medicines, pornography or making money through the stock market.
If users didn’t purchase items advertised in spam, economics would solve the spam problem. If users didn’t click on links or even open emails from people they don’t know, ensured they kept systems up to date and paid attention to warning messages, malware would be less effective.
Of course this is simply not going to happen. Human nature is curious and the internet is simply feeding that thirst for knowledge, so we will continue to see spam, malware and web threats for a long time. Best practices and education can help, and shouldn’t be abandoned, but whilst there is a user involved, the vulnerability will still be there to be exploited.