Windows users beware, we now have Cryptolocker to worry about!


    http://www.extremetech.com/computing...twisted-update

    It's basically ransomware and no, it doesn't need admin privileges to run. It's hit businesses and normal users. I think even I have had the email sent to me from "The IT Business Edge" with a .pdf download button so I could install the ransomware, but I simply spammed it. It looked legit as could be, but I had no use for what they had to offer.

    Makes me glad that I primarily run Kubuntu. Yikes! I have many personal files on my computer that I simply could not live without. I'd end up paying the ransom.

    #2
    CryptoLocker, as it is called, is sent as an attachment by e-mail. The attached ZIP file contains an executable file disguised as a PDF file, taking advantage of extensions. When first run, the virus/trojan installs itself in the Documents and Settings folder with a random name, and adds a key to the registry that causes it to run on start up.

    I feel sorry for people who just have to open or download all attachments from unknown sources. One would think this could be branded as cyber terrorism and would be dealt with harshly by our combined governments. After all, many government agencies use Windows and email, don't they? So once they follow the money trail back to the publishers... well, I wouldn't want to be woken to an armed soldier shoving a black bag over my head.

    Meanwhile, my advice to Windows users is to place important files from the Documents and Settings folder into a new folder or a backup folder any place other than your Documents and Settings folder. Another scheme might be to make sure you back up your files to CD/DVD on a weekly basis. Windows users and computer users in general should know their options. I wouldn't think this one would be able to get by a user who has no admin privileges. Meanwhile, the virus/trojan can be removed; however, the files it locked may as well have been destroyed.
    Last edited by Simon; Nov 15, 2013, 10:34 PM. Reason: typo
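
The disguise described in post #2 (an executable inside a ZIP attachment posing as a PDF) can be caught by checking archive member names before the attachment reaches a user. This is an added example, not part of the original thread; the extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for illustration; a real mail filter would tune both.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_name(name):
    """Return the reasons an archive member name looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs as .exe.
    parts = [p.strip() for p in base.rstrip(". ").lower().split(".")]
    if len(parts) < 2 or "." + parts[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable extension ." + parts[-1]]
    # With "hide known extensions" on, only the inner extension is displayed.
    if len(parts) >= 3 and "." + parts[-2] in DECOY_EXTS:
        reasons.append("decoy extension ." + parts[-2] + " shown when known extensions are hidden")
    return reasons


def scan_zip(data):
    """Map each suspicious member of a ZIP (given as bytes) to its findings."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: harmless text payloads under realistic-looking names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("Invoice_2013.pdf.exe", "docs/report.pdf", "Form.SCR", "notes.txt"):
            zf.writestr(name, b"placeholder text, not a real executable")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member, "->", "; ".join(reasons))
```
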



      #3
      Or people could just stop opening strange emails. Emails containing malware are nothing new... people should know by now.



        #4
        Facebook model

        Ummm, contacts from unknown sources IS the Facebook model. A whole generation is growing up with "Friends of Friends" sending them things.

        It's easy enough for geeky old-timers to pontificate, but realise that much of the online computer world is encouraging new users to do exactly the opposite of what we consider to be wise and common-sense...

        Facebook is dangerous, IMO.

        UbuntuGuide/KubuntuGuide

        Right now the killer is being surrounded by a web of deduction, forensic science,
        and the latest in technology such as two-way radios and e-mail.



          #5
          My full time job is instruction of our data acquisition engineers and they run Windows.
          Due to legacy (Unix OS-9) and the nature of the software they need to run with high privileges.

          The first lesson is to switch the file manager from big stupid icons to displaying details, to switch off this horribly stupid MS default to hide 'known' extensions and make sure autorun is disabled.
          Should I later see they've gone back to the default behaviour, we have a serious chat about their professional future.

          Our Scada compliant system is usually run stand-alone (air gap) and breaches are typically via infected USB drives used to get the data off.
          This is normally omitted by having a one-way network connection to a separate computer that does the communication but again, habits are sometimes difficult to change.

          Now our management wants to connect the system to the net (WebDav). Without very strict rules like removal of MS Office (Outlook, Macros), it's going to be a nightmare...

          New engineers have at university all had training and experience in running computers but too few have the slightest notion about security, forget office drones like in the IT dept.
