I've had a couple of people mention to me recently that they have been hit by CryptoLocker1 that it was delivered by a link to a page with a CAPTCHA and only after solving the CAPTCHA were the users directed to a link to a .exe file.
There were a couple of explanations given, one was that it made the user fell more convinced that the file was legitimate. I'm not entirely sure about that but I guess it seems plausible, people might think "It's hardly going to be malware if it's this hard to get it".
The other explanation that I think might be more on the money is that many gateway anti-virus and anti-spam products will follow links in emails and will block and flag any link to an exe file. Also there are tools out there like virustotal that will analyse urls and flag them as suspect.
I enjoyed the irony though that even people running botnets need to use CAPTCHAs to stop their malware from being flagged by other (good) bots.
I guess it doesn't matter if your running a network for charity hospitals or running a network to distribute malware, we all face the same kinds of challenges.
If you haven't seen commitstrip before I'm sorry for killing your productivity for the next few hours.
They said "CryptoLocker" but it may not have been that specific strain I suspect it was just some generic ransomware. ↩