Social Engineering Expert
Because there is no patch for human stupidity.
Perhaps you have seen this before? I have a shirt that says exactly that and it is clean and ready to be worn to one of my clients next time he calls up. Specifically for him. The guy is a nice guy but, well... dumb is the nice way of saying it.
He had gotten xp-antivirus2008 on his system last week, swore he had no clue how or when he had gotten infected. He had gotten other stuff (malware and viruses) about two months prior and I felt bad since he was a bit on the old side, so I gave him a break on the cost of getting his system cleaned up. It had around 100 other nasty bits the first time around. So this time rather than do it onsite I picked it up before the weekend and I dropped his machine off all nice and clean on a Tuesday towards the end of the day. Late the next evening he calls up and tells me he has a screen asking about doing a scan with win-antivirus2009 this time!
I was shocked, knowing full well I had gotten the system completely cleaned up. BUT thought perhaps I missed something? I had run EZ-PC-Fix (via BartPE), AVG, Counter-Spy, Viper, Spybot, Adaware, Trend-Micro Housecall, MalwareBytes, SuperAntiSpyware, ClamAV and actually a couple of others too. Each one finding a few more. Not till I was getting clean scans did I deem it safe, BUT, perhaps he had a zero day?!?!?
OK, needless to say I felt bad for the guy, so I told him don't even click on the start button to shut down, just pull the power, disconnect everything and bring it to me, I'll clean it up tonight and you can pick it up in the morning.
Worked through the night to not only get it cleaned up but to investigate how he was getting it, where he was getting it from and whatever else I could about this little guy that would let him survive after a rigorous cleaning like that. Well, I found in Firefox's history the site he got it from was main-scanner.com; got there from a search where he just kept following link after link after link while looking for shotguns. Guy likes guns, I guess.
Blocked all known domain names via the hosts file, AGAIN, went over how to keep safe and clean while online, and as he was leaving he let loose with his Freudian slip and asked "so you verified where and how I got it online, right?" I said yes, and I have prevented you from going to those sites again in the future. To which he responded "ok, good, yeah I just had to go back and verify for myself that was how I got infected the first time" !@**&#*@&(&(*!&(*!&*(@&!
****mentally i wanted to say****
Go back home, find one of the guns you like. Preferably one with a REAAAALY BIGG barrel, stick it in your mouth, if it doesn't fit not to worry, just pull the trigger and it will fit with no problem!!!!
****but i couldn't speak****
I could not believe what he said, I just stood there dumbfounded.
How dumb are people??? Yes, some of them are even that dumb!!!
So the one thing I have heard a lot of people mention on here is: what can we as Admins, IT guys, Consultants and First Responders who DO know better do to help those who do not?
So far, other than education, it's tough, but I do have one really good recommendation...
Sign up for a free account on OpenDNS.org and then use OpenDNS to block these types of problems from users who, if told pulling the trigger would make the barrel fit, might pull the trigger. OpenDNS does work for some of those domains mentioned above, and while obviously the bad guys keep buying up new names, well, if you're an IT guy like myself, when you find another malicious site you can block it for every one of your clients just by adding it, but please submit it to the OpenDNS community to get it voted on and blocked for everyone else.
It works, and actually it's good because if and when your client does pick up that gun, I mean end up on one of these sites, instead of getting infected he will get a nice warning page complete with your logo and OpenDNS's explaining why he was prevented from pulling the trigger.
Keeps them safe and honestly makes you look pretty darn good while doing so. Sure it won't prevent everything, but at this point it's the closest I have found to having a way to protect them from themselves. Sadly I found out about it after Captain Genius went to verify how he got shot up the first time, but I will be rolling this out to every client after this incident.
And yes, good article. Sorry for the long-winded response. Still can't believe he did that to himself a second time less than 24 hours later...
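The hosts-file blocking mentioned in the post, as an added example that is not code from the original post or from OpenDNS: a small Python helper that adds sinkhole entries for a list of bad domains idempotently and checks whether a name is already blocked. It assumes a `0.0.0.0` sink address and a marker comment (`TAG`) so the entries can be found later; the sample hosts content in the test is constructed.

```python
"""Maintain hosts-file sinkhole entries for known-bad domains.

Constructed example: idempotently add 0.0.0.0 entries for a list of
domains (plus their www. form) and check whether a name is blocked.
"""
import re

SINK = "0.0.0.0"                  # assumption: unroutable sink address
TAG = "# blocked: malware site"   # assumption: marker so entries are easy to find later
# Bare hostnames only: at least one dot, no scheme, path or leading hyphen.
_NAME_RE = re.compile(r"^(?!-)[a-z0-9-]+(\.[a-z0-9-]+)+$")


def parse_hosts(text):
    """Return {hostname: ip} for every active entry, ignoring comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries[name.lower()] = ip
    return entries


def is_blocked(text, domain):
    """True only if the exact name maps to the sink; hosts files have no wildcards."""
    return parse_hosts(text).get(domain.lower().rstrip(".")) == SINK


def add_blocks(text, domains):
    """Append sink entries for each domain (and its www. variant) not yet present.

    Returns (new_hosts_text, names_added). Rejects anything that is not a
    bare hostname, e.g. a full URL pasted from browser history. A name that
    already maps to some other IP is left alone, since the first match wins.
    """
    existing = parse_hosts(text)
    lines = text.rstrip("\n").splitlines()
    added = []
    for raw in domains:
        dom = raw.strip().lower().rstrip(".")
        if not _NAME_RE.match(dom):
            raise ValueError(f"not a bare hostname: {raw!r}")
        variants = (dom,) if dom.startswith("www.") else (dom, "www." + dom)
        for name in variants:
            if name in existing:
                continue                      # already present: keep idempotent
            lines.append(f"{SINK}\t{name}\t{TAG}")
            existing[name] = SINK
            added.append(name)
    return "\n".join(lines) + "\n", added
```

Write the returned text back to the hosts file with administrative rights; an entry in the hosts file only covers the exact names listed, which is why the post moves on to DNS-level filtering for anything broader.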