If you’re a Facebook user, odds are you’ve seen it. Joe Smith posts a new status that says something to the effect of, “Check out the picture I found of you.” It is followed by a link consisting of a series of random letters and numbers. Now, the dilemma ensues.
OMG! Joe has a picture of me?! OMG! I just have to see it. I know it looks shady and it might be a virus, but if there is even a chance that there is some random picture of me out on the Internet, it is totally worth the risk of costing my company countless IT engineering dollars too fight a potential virus.
The user can’t resist and decides to click the link. It produces a “Page Not Found” error. “Well maybe if I click on it 7-8 more times it will come up.”
At this point, that little bot that was downloaded on the first attempt now has 7-8 little bot friends. In a couple days they are going to have a web browser pop-up party on the user’s screen and their Google home page will be redirected to some site of questionable moral fiber.
The user isn’t going to report it right away because they are so embarrassed. When they do report it, they have been doing NOTHING but work for the past 2 weeks and would not even think of surfing Facebook during work hours. It is officially the anti-virus software and the IT administrator’s fault. Lengthy Safe Mode scans with software like Malwarebytes or SuperAntiSpyware find numerous infections in repeated scans eventually prompting the need for a full rebuild of the PC.