I spent the better part of this afternoon resetting a user's laptop because they had clicked the link. You know, that link you get in an email that tells you of the important document that you simply must see... Oh - but you need to install their software to see it. A perfect opportunity for another educational email.
These emails are a pain in the butt, because it is so hard for the spam filters to catch them. They don't carry a payload except for a link, and as you actually click the link, the system thinks you want to do this!
The malware in question was discovered because every time the user wanted to google something, it went to this malware's website to give the search results! The malware itself was downloaded from the website and installed with the user's (click-happy) permission. Interestingly, McAfee's SiteAdvisor lists the malware site as safe, despite over 40 comments from people to the contrary. http://www.siteadvisor.com/sites/freeze.com/msgpage.
I imagine the troubled consciousness talking to the semi-sane part of their brain must be quite an interesting show for an outsider, kinda like a war between the left and right sides of the brain:
Right: Shall I click that link?
Left: Yes please! Gotta see some of (whatever that is!).
Right: But what if it's a virus, a trojan, a hoax or some other "evil digital being"?
Left: Who CARES? Click the link!
Right: Hmm... I'm not sure...
Left: Oh go on, what's the WORST that could happen...
Left & Right: Oh crap
The real kicker here is that this is the fifth time I have had to reset this user's laptop - or one of his incarnations. What with one two broken and two stolen, it's easier to keep track of 'versions' of laptops for him. (Similar to the Matrix, where they count from the emergence of one anomaly (Neo) to another, rather than years.)
The last time we went through the reinstallation procedure, I installed a piece of software called RollBackRX on his machine. Once it was all set up, I took a snapshot of the machine in its perfect state. The system then takes regular snapshots at pre-determined intervals. You can also lock them to prevent them from being deleted - which is nice.
So, I take his laptop and reset it to the last 'good' version of the system, start up the software and grab off his files and documents from the last snapshot, et voilà! One nice clean system. This is the first time I have had to go through the entire process since I started deploying it on all of our laptops, but it certainly saved a lot of headaches and time.
If you are interested in this fantastic piece of software, google RollBackRX from Horizon Data Systems. It is well worth the money (in terms of time).
As one final, parting gift to the troubled, click-happy salesman, I gave him a flip-book made from post-it notes. I asked him which one of the following programs (represented by crude icons) he would install on his laptop next.