adding some additional info to magnas comments

All malware are using so-called "security holes" in Windows OS to take advantage of some poorly / bad / large-scale written code in some legitimate application to launch their malicious code.

list of security holes here… click the orange arrow to the right, or google the CVE name fore more info. :wink:

http://www.avast.com/exploit-protection.php