What Happens When You Open an Email Containing Malware

It’s a shame that people like this can’t channel their skills into something worthwhile, instead of screwing up other people’s PCs.

A friend called me on Saturday morning because his PC had caught a virus. Could I help him sort it out, he wanted to know.

The steps we went through

We met up just after lunch and I switched on his PC to be met by a typical warning sign in big red letters, telling me that his PC was infected and we had to download a specialist anti-spyware application.

No surprise there.

Then one of those Windows nag balloons opened up at the bottom right of his screen. It told me that Windows had discovered the PC was infected with the Worm.Win32.Netsky virus and it was going to download and install the latest anti-spyware application to clean it.

It was very well done, that one. Made me read it a second time. But, of course, Windows doesn’t have its own anti-spyware application.

Then a warning popped up telling me that the Windows Firewall had been disabled. That was a genuine warning – it had been.

So I tried to switch it back on and got a message telling me the application had been infected and, therefore, disabled.

It got worse. I tried to access the Internet so I could install Malwarebytes – no luck. All network connections had been disabled.

So I ran a full scan of his PC with his antivirus application. It ran at roughly half the speed it normally does and found nothing.

Next I decided to grab the Malwarebytes set-up file off my PC and install it on Robert’s PC from a USB memory stick.

No luck there, either. A message popped up telling me I had to format the disk (which was rubbish because I’d been using it for months) and, when I tried to format it, I got the application disabled message again.

My next thought was to get Malwarebytes onto his PC via Bluetooth – no luck there either.

So I went online with my PC and looked up the Worm.Win32.Netsky virus and pulled up an article on how to remove it manually.

Only to discover that there were no relevant files on Robert’s PC.

It wasn’t Worm.Win32.Netsky at all; the hacker had sent us on a wild goose chase.

So the only thing left was to get the data off the PC, reformat the disk and reinstall Windows. A pain in the butt but it worked.

As much as I hate these people (and I do), I have to respect the thoroughness of the job they did. But what a shame they couldn’t channel their skills into something worthwhile.

Lessons Learned

In case you’re interested, Robert’s PC was infected by one of those UPS delivery status emails that have been floating around for a while.

He’d recently ordered some stuff from the UK and was expecting delivery, so when he saw the UPS email he opened it.

And got zapped.

Moral of the story:

  1. Install one of the top Internet Security applications (not just anti-virus)
  2. Install Malwarebytes (that’s a brilliant application for cleaning out malware)
  3. If you’re going to open an email from someone you’ve not corresponded with before, check the email headers
  4. Make sure the ‘From’ and ‘Reply to’ email addresses look genuine when compared with the ‘From’ display name
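Points 3 and 4 are the kind of check that can be automated before anyone opens the message. The script below is an added example written for this post, not code from the author: it parses the From and Reply-To headers of a raw message, flags a Reply-To domain that differs from the From domain, and flags a display name that mentions a domain (such as a courier's) that does not match the address actually sending the mail. The two sample messages are constructed for the example; the addresses and domains in them are placeholders, not real indicators.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample messages (not from the original post). The first looks
# consistent; the second mimics the courier-notification lure described above,
# with a display name that names one domain while the sender is another.
GENUINE = """From: "UPS Delivery Notice" <noreply@ups.com>
Reply-To: noreply@ups.com
To: robert@example.net
Subject: Delivery status

Your parcel is on its way.
"""

SUSPICIOUS = """From: "UPS Delivery Status ups.com" <track3r@mail-deliveries-update.example>
Reply-To: reply@another-domain.example
To: robert@example.net
Subject: UPS delivery status #1234

Open the attachment to see your parcel status.
"""

# Domain-like tokens inside a display name, e.g. "ups.com" in "UPS Status ups.com"
DOMAIN_IN_NAME = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b")


def domain_of(address):
    """Return the lower-cased domain part of an email address, or '' if none."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def header_findings(raw_message):
    """Inspect the From / Reply-To headers of a raw RFC 822 message.

    Returns a list of human-readable findings. An empty list means the headers
    looked consistent with each other; it is not proof that the mail is safe.
    """
    msg = email.message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    from_domain = domain_of(from_addr)
    reply_domain = domain_of(reply_addr)
    findings = []

    if not from_addr:
        findings.append("missing or unparseable From address")

    # Point 4: the Reply-To address should belong to the same domain as From.
    if reply_addr and reply_domain != from_domain:
        findings.append(
            f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}"
        )

    # Point 4 again: a domain written into the display name that is not the
    # real sender domain (or a parent of it) is classic display-name spoofing.
    for token in DOMAIN_IN_NAME.findall(from_name.lower()):
        if token != from_domain and not from_domain.endswith("." + token):
            findings.append(
                f"display name mentions {token!r} but the sender domain is {from_domain!r}"
            )

    return findings


if __name__ == "__main__":
    for label, raw in (("genuine-looking", GENUINE), ("suspicious", SUSPICIOUS)):
        print(label, header_findings(raw) or ["no header inconsistencies found"])
```

Run it on a saved `.eml` by reading the file into a string and passing it to `header_findings`. The checks are deliberately narrow: they only compare headers against each other, so a message whose sender really controls a convincing look-alike domain will pass, which is why the post's first two points (a security suite and a malware cleaner) still matter.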

Stay safe!

Martin Malden
