I have recently been doing ongoing research on using malware when pentesting. A lot of banks and networks are still vulnerable to these attacks and they still don't know it. It is very important for any pentester who is already in an engagement with such a client to find such holes before the unethical do.
So, most infected documents that are downloaded or attached to an email (e.g. PDFs, DOCs, PPTs, etc.) will carry shellcode that does the following: it downloads a trojan from a rogue web server somewhere on the internet, then writes the executable into your system32 folder and executes that file.
This attack will only work if the user is a local administrator, or otherwise has the administrative privileges needed to write to system32, and this is where the catch lies: you will find that none of the Windows workstations are set up to work without the admin user.
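As an added example (not from the original post), here is a PowerShell check for the precondition described above: it audits the ACL on System32 for write access granted to principals other than the usual privileged ones and reports whether the current account is a local administrator. The list of trusted principals is an assumption chosen for illustration.

```powershell
# Added example: audit whether unprivileged principals can write into System32,
# the precondition the post describes for the dropped-executable attack.
$sys32 = Join-Path $env:SystemRoot 'System32'
$acl   = Get-Acl -Path $sys32

# Rights that allow dropping or replacing a file in the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl -bor
             [System.Security.AccessControl.FileSystemRights]::CreateFiles

# Principals assumed to legitimately hold write access (assumption for this example);
# any other principal with write rights is reported as a finding.
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    [pscustomobject]@{
        Principal = $ace.IdentityReference.Value
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

# If the current account is a local administrator, the ACL check is moot for it:
# it can write to System32 regardless, which is exactly the post's point.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

"Current user is a local administrator: $isAdmin"
if ($findings) {
    "Unexpected write access on ${sys32}:"
    $findings | Format-Table -AutoSize
} else {
    "No unexpected write ACEs found on $sys32"
}
```

Run it under each standard user account that is in scope; a result of `True` for the admin check on a day-to-day user account is the finding the post is talking about.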
There are several ways to secure this, which I may have to cover in the next blog entry. Stay tuned.