I received the following email while working an assignment. This email was passed through a very close chain from the source. Read the email, my analysis of why this was bad follows. The names of been changed to protect the innocent (and the guilty), and some comments are added in [brackets] by myself.
All,
The IT department has received information that there is a very complicated Virus that has been infecting computers worldwide and there is no 100% safeguard against it. This virus is capable of doing serious damage to your PC and it is very hard to remove once a PC is infected. We have had a few reported cases here at Pwned Industries that we detected and resolved immediately. We have also verified our virus scanners are up to date.
As always, please be very cautious of any email received, especially if it has an attachment. This could be sent by an external or internal person. If you do receive a suspicious email and aren’t sure what to do, please create a service request from your desktop icon, the helpdesk website http://omgyoureallyhaveapubliclyaccessiblehelpdesk.com or call Helpdesk @ Ext 1234 [seriously, I didn't change the extension, that's really it, what are the odds?].
*****Do not open the email or attachment till IT gives you instructions*****
Very Important – If you get an IE or Windows pop up on your desktop stating it is “Antivirus 2009″ please do not do anything. Call the helpdesk @ Ext 1234 immediately. Thank you
Regards,
Innocent Victim- Network Systems Admin
Pwned Industries
Phone: 123-123-1234
Fax: 123-123-1235
IVictim@PwnedIndustries.com“Life itself is easy. Humans and their actions are what make it hard”
What I have learned, is that Pwned Industries is infected with a Trojan and doesn’t have much confidence in their ability to detect it. They also think said Trojan is new which further sends shivers of joy up my hacker spine. How did I come about such sensitive information? Well you see, Johnny Looselips over there thought he would help his friend out by forwarding an email from his Network Admin warning about the Trojan.
In addition to sending the letter in its entirety, he also sent it from his corporate email address. Even if he had thought “gee, maybe it’s a bad idea to alert outsiders of a TROJAN running rampant in my employer’s network, maybe I should scrub identifying data,” he still sent it from his corporate email address.
Additional nuggets not to be overlooked in this prime harvest include the link to their publicly accessible helpdesk, and name and number of the admin. I’m betting I have two user names in their email addresses (the admin’s and Mr. Looselips’ who forwarded this email out). I also have the number to the help desk. “Hi, I’m Johnny Looselips and I forgot my password to the helpdesk. I got this email about this Trojan and I think I’m infected. I tried running the AV2009 tool and my computer seems to be getting worse. Please help me reset the password so I can get it fixed!” The signature line of this unfortunate Network Systems Admin, tragically sums it up “Life itself is easy. Humans and their actions are what make it hard.” Touché, good sir, touché.
As the title of this article states, there are no fire walls for stupid. Users continue to be teh weakest point in your network. What are you doing to raise awareness at your organization?
Great site! All the security in the world doesn’t prevent someone from doing something stupid. You can usually mitigate stupid at the end user level, but once it travels too far up the chain it’s over. I’m still amazed that people are still fighting with things like Conficker even though it’s basically been defeated months ago.
As long as there are people excited to get greeting cards for no particular reason, from people they don’t even know, there will always be people fighting Conficker. “I’m sorry Mr. CEO, that wasn’t a stranger showing you some unexpected love, that was a virus. You lose one internets.”
That being said… I love stupid people. They generally keep me employed.