I got into work Monday and had an e-mail that said it was from our corporate IT and that my password had been changed as part of the weekend maintenance. I don't know what made me do it but I opened the attached .zip file to see what I needed to do to get into the affected systems. When WinZip opened it showed an empty file. I thought that was strange and just closed WinZip and went on with putting a CD into the drive to install some software that I needed. A few seconds later the "run as" dialog popped up telling me that I didn't have administrator rights and asking what user to install the software as. I assumed this was from the CD I had inserted and closed that dialog as I was already running "MakeMeAdmin" to install the software in my user account.

It wasn't until I read the next e-mail that things started to fall into place. The e-mail was also from our corporate IT department and said that the previous e-mail and another one with a different subject and text were spoofed to come from them but really were a result of the MyTob virus. I checked and the CD did not have an autorun that tried to install software, so the dialog box was caused by the virus trying to install.

So the lessons that I should have learned over 15 years ago when I picked up my first computer virus are:
- Don't run as administrator. I am currently doing this and it has helped me to avoid this virus by asking me who to install as. If I had not just put a CD in the drive it would have been very obvious that something was wrong when the message popped up.
- Keep up to date on patches. According to the virus detection/removal tool that I ran I need 2 patches from Microsoft to avoid being infected by MyTob. I had both installed thanks to Windows Update.
- Never trust e-mail. Back in college I had a project to write an e-mail client. As part of that I learned the SMTP protocol and would regularly send e-mails with a return address of the.monster@under.your.bed (sorry if you got one of those). I should have thought that the e-mail telling me that my password has been changed was in a system that I used the supposedly changed password to access and therefore spoofed but I didn't.
- Don't ever open e-mail attachments. Well, "never" can be a problem if you are expecting a Word document, but you should at least attempt to verify attachments. I was reading the e-mail through the web mail interface. Outlook would have flagged the attachment as having some other extension (probably .exe, .scr, or .cmd) past the .zip and would have warned me.
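That last lesson is the one that can be automated. The check Outlook does, looking inside the archive and flagging entries whose real extension is an executable one hiding behind a harmless-looking name like `password-reset.txt.scr`, is a few lines of Python. The script below is an added example, not something from the original post or from any product; it builds a small in-memory zip as constructed sample data (no real attachment involved) and reports which entries a mail client should warn about. The `RISKY_EXTENSIONS` list is a partial illustration and is not Outlook's actual blocked-attachment list.

```python
import io
import zipfile

# Partial set of extensions a mail client treats as unsafe; an illustration,
# not the full list any particular client uses.
RISKY_EXTENSIONS = {".exe", ".scr", ".cmd", ".bat", ".com", ".pif", ".vbs", ".js"}


def risky_entries(zip_bytes):
    """Return the names of zip entries whose final extension is executable.

    Only the last extension matters: "readme.txt.scr" is a screensaver
    executable, whatever the ".txt" in the middle suggests.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
                flagged.append(info.filename)
    return flagged


def build_sample_zip(entries):
    """Construct a zip archive in memory from {name: bytes} (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: one disguised executable, one harmless text file.
    sample = build_sample_zip({
        "password-reset.txt.scr": b"",      # zero bytes, like the "empty file" WinZip showed
        "notes.txt": b"nothing to see here",
    })
    for entry in risky_entries(sample):
        print(f"WARNING: executable content in attachment: {entry}")
```

Run against a real attachment you would read the bytes from disk instead of building them; the point is that the check looks at what is inside the .zip, which is exactly the step a web mail interface skipped for me.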
As I said at the beginning of this post, this all happened on Monday. I intended to blog about it Monday night but got busy with some last minute details for the Connected Systems Developer Competition and getting ready for a customer meeting on Tuesday, so I didn't get around to blogging it, but thought I would do it first thing Tuesday morning. Very early Tuesday morning I woke up with the flu. Somewhere in the wee hours of the morning, in the delirium caused by the fever, I found myself thinking it would be nice if I could run my body in non-administrator mode. That way when I got a virus from somewhere else I could just click on the cancel button and not have it infect me. Of course that is not possible, but it would have saved me two days of lying in bed feeling miserable.