Computing Reviews
Targeted cyberattacks: a superset of advanced persistent threats
Sood A., Enbody R. IEEE Security and Privacy 11(1): 54-61, 2013. Type: Article
Date Reviewed: May 16 2014

Insight into the many threats that lurk in our software is presented in this paper. It also provides a useful introduction to the state of the art of malware. It will be especially useful for those doing research on malware or for practitioners designing secure systems.

The paper presents an overview of targeted attacks. It includes a very thorough section on threat models, which describes many ways that hackers use targeted attacks to obtain their objectives. The material in this section helps us understand how these attacks happen. This is followed by a section on frameworks and other tools used by hackers to perform their exploits. In addition, there is a section on how users can prevent these attacks. However, the possibility of building better software that can withstand or mitigate these attacks is not mentioned.

The authors confuse vulnerabilities with attacks; for example, cross-site scripting (XSS) and SQL injection (SQLI) are types of attacks, not vulnerabilities as described in the section on intelligence gathering. A vulnerability is a weak point that allows an attack to occur. While the writing is clear, the reader should have knowledge of concepts such as URL obfuscation, Whois lookups, and so on; they are not explained, although specific references to them are given.

Reviewer: E. B. Fernandez
Review #: CR142288 (1408-0657)
  Editor Recommended
Featured Reviewer
 
 
Security and Protection (D.4.6)
Invasive Software (D.4.6 ...)
Security (K.4.4 ...)
Electronic Commerce (K.4.4)