Just when I thought I'd trained my users

We don't have anywhere near the time we need for professional development, particularly in the area of technology. However, I was almost convinced that the majority of my users were coming into the 21st century.

Our only client-side anti-malware is Clamwin and Windows Defender (on our Windows machines, of course). We have comprehensive AV on the email servers and this has served us remarkably well. With reasonable content filtering in place, we don't even tend to get many spyware infestations since folks can't get to the more egregious sites. As a result, I was surprised when I got a call from a user complaining of a virus on her computer.

Since it was one of our budget staff and she was working on payroll, I popped over to take a look. And guess what? She had a trojan! A quick scan with Clamwin and a complete sweep with Windows Defender (and Ad-Aware, just for good measure), and the trojan and the spyware it had installed were history. However, there was a lesson here.

This user had opened an email from an unknown sender and opened an attachment because it looked important. She's in budgeting, it appeared to be from a financial institution, so double-click she went. That fast, she was done for. Our ISP has already added the new malware to their filters, but this certainly won't be the last to slip through the cracks. Two other users reported receiving similar emails that they chose not to open.

Remind your users not to open attachment from people they don't know, OK? Good ol' Internet common sense, circa 1998.