One of the primary methods of creating zombies is getting computer users to unwittingly infect their own computers by opening e-mails and Web pages that contain malware. “If you look at the way RSA was penetrated, it was not terribly sophisticated, nothing on the order of Stuxnet, which was probably the most sophisticated attack we’ve seen in recent memory,” says Anup Ghosh, a research professor and chief scientist at George Mason University’s Center for Secure Information Systems. “Most of these attacks are executed using conventional exploits. What’s different is they’re using these exploits in new ways.”
And, unfortunately, they are also quite successful when using the same old attacks in the same old way.
Start with a good security policy, and educate your users so that they follow it. People can work around any technological hurdle to compromise a system and get their jobs done.