MSI's and malware

How come the vast percentage of malware from emails or websites is either .exe or .scr. Never seen a .msi before.

Any reason?

 

Most malware doesn't install themselves using Windows installer. There is no need for that as there is usually no formal "installation" process of malware. EXE will run by itself without a need for installation package.

 

Thanks for the reply.

So, very unlikely MSI can infect is that the case?

 

It's not usual way to install malware but MSI can't be considered as safe file extension. You can also get PUA (toolbars, trialware...) embedded in installer of other applications.

 

As in the main file is msi or embedded to exe?

 

Main file is MSI. It's installation package for legit application. Together with application there is embedded PUA. That's how some free applications are distributed to get some money for PUA distribution.

 

Like silly BHO?
Would either way throw in dlls also?

 

Yes to both.

 

Cool, thank you hqsec