Typically, a spammer would send a "dropper" file as a normal-looking email attachment. When the attachment is opened, the malware downloads from a server and infects the machine.

It always depends on someone clicking on an email attachment. Who does that? (rhetorical)

Obviously enough people *do* click on email attachments from unknown senders (or spoofed accounts) to keep this delivery method successful, but it makes me really question the thinking of these people.

but it makes me really question the thinking of these people.

Dumb, totally dumb ... their social "friends" purportedly send them "stuff" and they simply do not mentally question anything ... if they were in this conversation right now, they would not comprehend why system admins have to lock so much down because of these "click every frigging link" nutters!

I'm getting to the point of ... Go buy a new system, this one is *u*c*e* when all it needs is cleaning-up, Joe Public does not deserve my assistance any more because of their own ineptitude and stupidity.

@engine .... some of the reports I've read regarding this trove of email addresses is it is largely fabricated (adding sales@ to domain names for example), nonsense, merges from other already known scrape dumps, etc to end up with 711m addresses. IOW, largely outdated, non-existent, and generally useless. However, that will not stop an automated scam/spamer to insert into a job list and set loose the electrons of war. (pardon the parody)

Careful with that pic moderators, Hormel might sic their lawyers on you.

Hormel Foods was upset at the use of its trademark and pursued a series of unsuccessful lawsuits between 2002 and 2007 against companies like Spam Arrest, Spambuster, and Spam Cube.

Hormel eventually gave up the litigation and embraced the spam legacy, even sponsoring the Spamalot musical in 2006.

[digitaltrends.com...]