Twice a year Microsoft releases their Security Intelligence Report. This is one of the best sources of information you will find on the latest trends in malware. Not only does Microsoft have a huge install base for collecting data (over 600 million computers) but they have the resources and Ph.Ds to convert that data into valuable information. What is the top finding on the very front page of the report? Social engineering is the most often used vector for malware infection. I think this is great, they are identifying the human as the weakest link! Unfortunately, in the 76 page document no where do they discuss attack vectors or provide more information. Microsoft has fallen victim to what I feel is a huge problem in this industry, thinking of security as only a technical problem, and thus a technical solution.
However, they have a nice write-up on social engineering in their email section. It would be great if Microsoft could broaden this and educate people that social engineering attacks are not just limited to email.