What is wrong with filtering emails with executable attachments? With the exception of a very few tech support people sending me patches/fixes/updates I never get legit emails with executables. I don't really see how knowing the details of how it spreads will help you to block it.