So a mate of mine was infuriated to find out a client he supports had run an executable they had been emailed... However, this particular one takes advantage of the fact you don't need admin privs to piss off the user.
The lady in question was using her home laptop for work, so had no backups when:
http://arstechnica.com/security/2013...0-in-bitcoins/
struck.
It's a crypto-ransom-thing. Basically a $300 mistake, as all your document files (that you have write access to) become encrypted, the only way to get the access is to pay the ransom. Or you know, use the backup plan you have which of course involves cold versions right? Right?!
The main thing here is because it doesn't install itself in any dodgy ways, it doesn't trigger UAC, after all your restricted user can write the document files you work on...
Well we figured we should do a little audit, I made a quick dummy virus, basically it looped:
And pressing CTRL+ALT+DELETE would be enough to stop it.
Turns out my father had it up on screen for 25 min, before rebooting the PC. He then proceeded to run the same phishing email again. Ergh.