Was just thinking - am sure most people in charge of security for any size of network have warned the networks users not to download any attachment they were not expecting or that they havn't checked with the sender to ensure they did indeed send the attachment.

But how many people can be sure that their users are following these guidelines?

I have also warned people at work about the ways in which some virus writers will try and trick users into running attachments.....spoofing the from address (maybe something like techsupport@yourodmain.com) so that they think it is from a trusted source.

Well I have decided to put it to the test
Have just constructed a small package to email out tomorrow - it contains an installation file which simply copies a .bat file to the HD runs it and then pops up a message saying "Your Tech dept is currently testing users security awareness. You have failed! This could have been a virus"

the .bat file is set to send a net send msg to the IT computer - lets see how many wee pop-up boxes I get tomorrow

v_Ln