Life-Ruining Browser Hijackers

LehiNephi writes "If you're not diligent enough at whacking malware on your computer, you could end up in jail, whether or not you actually did something wrong. Hijacked browsers can not only annoy you with a never-ending string of pop-ups, they leave a less-than-virtuous browser history behind on your computer. This guy claims that some piece of malware hijacked his home page, opened an unstoppable chain of pop-ups, and filled his cache with porn. He now has to register as a sex offender, even though he denies that he did anything his computer says he did. Makes me glad for built in pop-up blocking in Mozilla."

Probably...

[Metallic Matty]

He was probably looking at porn in the first place. Not that I think that condones him being a register sex offender. But that was probably what started his sexual onslaught. (A lot of the porn sites love browser tricks, just one more reason for the avid geek to use Mozilla.)

Re:Probably...

[Anonymous Coward]

Popup blocking, tabbed browsing, superfast layout engine, ability to turn on and off javascript. Makes you wonder if the developers of Mozilla were really trying to make a better pr0n browser, eh?

Well, they succeeded.

Re:Probably...

[zulux]

It's Pornzilla

The Best Porn Browser [squarefree.com]

Re:Probably...

[swtaarrs]

Well the image rendering library is named libpr0n [libpr0n.com] :)

Re:Probably...

[isorox]

I use lynx for all my porn needs

Re:Probably...

[MikeXpop]

"Oh man, check out the META tags on her!"

Either that, or Ascii Pr0n NSFW

Re:Probably...

[AvantLegion]

I use lynx for all my porn needs

Here you go, buddy [asciipr0n.com].

Holy Shitballs On A Stick!

[RatBastard]

Oh, yeah. Let's play another round of "blame the victem"! Excuse me while I kick you in the Jimmies.

I've seen browsers get hijacked like this from people who I know for a fact were not looking at porn. I've had to clean a lot of them out at my job and I know from looking at the firewall's logs that these people were not visiting porn sites before their browsers got hijacked.

And yes, you ARE condining this poor bastard being marked as a sex offender.

Child Porn or what?

[panic911]

Was the guys cache filled with child porn or something?

How does looking at porn make you a sex offender? If it's illegal then arrest me right now.

Re:Child Porn or what?

[KingOfBLASH]

Was the guys cache filled with child porn or something? How does looking at porn make you a sex offender? If it's illegal then arrest me right now.

Some explanatory paragraphs from the article:

"When I used search engines, sometimes I got a lot of porn pop-ups," Jack said. "Sometimes I was sent to illegal porn sites. When I tried to close one, another five would be opened without my will. They changed my start page, wrote a lot of illegal porn links in favorites. The only way to stop this was turn the (computer's) power off. But when I dialed up to my server again, I started with illegal site, then got the same pop-ups. There were illegal pictures in pop-ups."

Security experts who were asked to review Jack's claims said it is possible that a browser hijacker could have been the reason porn images were found on Jack's computer. But they also pointed out some discrepancies in the story.

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.

Re:Child Porn or what?

[bwy]

These days, any combination of innocent things can make a trial by jury a very dangerous thing for an innocent person.

Case in point. Say a neighbor asks if his kid can come over to my house one afternoon for help with his math homework or something. Say the kid isn't as well adjusted as I thought, and tells everyone I touched him.

Well, that alone means I am now guilty in todays world. But enter the detectives. They take my PC and find that I have some porn in my cache. Most of it is adult porn which is bad enough. But then they go and do ID checks on some of the pics and turns out the girls were mature looking 16 year olds. Fuck, now I'm just sick- a true pedophile.

By now, the community has been told who I am. There are posters up in my neighborhood. My employer fires me. Even if I don't get convicted for some reason, my life is still over. And if I do get convicted, I'm now taking it in the butt in some federal pound-me-in-the-ass prison. In which case I'd probably kill myself.

Anybody can disagree with me if they like, but this kind of shit isn't a stretch. The story was bad enough even if I didn't have porn on my box, but that fact just kind of seals the deal.

Re:Child Porn or what?

[AKnightCowboy]

Case in point. Say a neighbor asks if his kid can come over to my house one afternoon for help with his math homework or something.

Why would you be tutoring a neighbor kid anyway? you might as well just avoid all the other steps and register yourself as a sex offender right off the bat. I make sure to NEVER talk to my neighbors and always hurry from the car to the house without making eye contact with them if they try to start a conversation. One almost ambushed me and stood between me and my door but I kicked him in the nuts and ran into the house.

Re:Child Porn or what?

[dasmegabyte]

God, where do you live? That's hardly the situation around here.

My wife and I are always talkative to neighborhood kids. We have a puppy, and when we walk her, they swarm us. Their parents don't give us disapproving looks, despite the fact that we're new around here and nobody know us from Adam. Most are really friendly, probably as a result of our humouring their kids.

I've never gotten discouraging looks for playing with my friends' kids, either. This weekend we were playing football and cards with my friend's cousins...their parents were happy to get them out of their hair and occupied! I've gone on trips with my brother's scout troop to teach them kayaking, and visited his school to give a Q & A talk on the Internet. People seem thrilled that a young people are willing to spend time with their kids. My friends in Big Brothers/Big Sisters tell me the same.

Methinks maybe you're a bit sensitive, and you're allowing a few paranoid people to skew your vision. So long as you're not creepy about it, people like their kids to have older role models. It's one of the keys to growing up. I myself had a number of older friends, including several male teachers and a couple who used to help me with Chemistry.

Re:Child Porn or what? ( RAM DRIVE CACHE)

[zoloto]

Here are some sites for those of you with enough memory to create a RAM drive for your cache:\

Link 1 [compaqnet.be]
Link 2 [techzonez.com]
Link 3 (BEST) [gpick.com]

The last one has MANY ways to create a ram disk. Just fyi actually. You know, if you dont' want people to find what you have done on your hard drive, just set up one of these and set the history/cache/etc to a ram drive and every time you reboot - PRESTO! No trace at all!...

Hope that helps.

Caught in the Act?

[coupland]

While I respect this guys rights and wouldn't presume to accuse him of anything, I certainly cannot defend him without reading the court transcripts. ANYONE who was caught in the act of downloading kiddie porn would claim their PC was "hi-jacked" so I don't think this is a defense of any kind, in and of itself. I don't think the feds are technically literate, but I also don't think they're fools. I have a hard time believing they charged someone with downloading kiddie-porn when all that really happened was he saw some pop-ups, like you and I (unfortunately) see a million times a day. Something else took place here.

Might not have been the pop-ups even

[bcore]

After all, how often do you see pop-ups with child porn on 'em? I certainly know I never do, even when I'm forced to use IE

The dude in question claims that he bought the computer on eBay, which is a whole other ball of wax. If you buy a used computer, and can prove you did so, are you legally responsible for what might have been on it when you bought it?

I totally have no idea what the right answer to that would be.

Re:Might not have been the pop-ups even

[Chump1422]

You're not responsible if someone else put porn on your computer. Crimes generally require 2 elements (I'm a law student):

1) Mens Rea, or intent. Clearly no intent there. Sometimes crimes don't require this, but almost all do. Intent might be satisfied by meaning to download a "barely legal" video, though. It's like if you swear she looked 18, you can still go to jail for statutory rape.

2) Actus Reus, or criminal act. Depending on the statute, possession might be a crime. So he could be liable just for that.

It's unlikely he would be found guilty without at least meaning to download something pornographic.

Re:Caught in the Act?

[sfjoe]

I have a hard time believing they charged someone with downloading kiddie-porn when all that really happened was he saw some pop-ups, like you and I (unfortunately) see a million times a day.

Yes, because we all know that the feds are only interested in charging criminals and never ever arrest someone for the newsworthiness of their arrest. Just ask Richard Jewell [google.com]

Re:Our Government aren't fools!

[Jahf]

Umm, yes, they had chemical weapons. Yes, they were willing to use them.

But do you really think that the U.S. Congress (or foreign governments) would have -ever- been willing to support a war if the only weapons we could "prove" existed were nerve gas launched from a SS-1 Scud missle (range of 700 miles or so)?

Plus you even bring up the possibility that they -did- destroy those weapons after Gulf War I. Gulf War II was sold on the premise that not only did they not do so but that they were in possession of even stronger weapons.

Was Husseing probably interested in sourcing larger weapons? Sure, but the point is he didn't from what every investigation has found. And by now some traces of nuclear devices and/or longer range missiles should have been found.

And if you do research into -why- those foreign countries thought Iraq had such weapons, you would find it was due to intelligence from the U.S. and G.B. that has proven to at least have been faulty if not fraudulent.

Should Hussein have been removed from power? Yep. But if the U.S. (of which I am a voting citizen) expects the rest of the world to behave in accordance to the U.N. and various treaties, we kind of need to lead by example. If GWB had been willing to wait another 6 months I believe he would have gotten the U.N. to throw in. And since there weren't significant WMD threats, the wait wouldn't have hurt the U.S.

Oh and don't forget the whole mess about going after Iraq because of 9/11, which has been proven to be tenuous if not plain wrong. If we wanted to take out the people who perpetrated 9/11 we should have gone to Saudi Arabia (Wahabism was the spark and support for Al-Qaeda) and the Phillipines (where Al-Qaeda cells are known to lurk and launch).

BTW, if you're going to say "Fuck you." it just proves that you're reacting from your own hatred, especially when you aren't willing to post from a logged-in account and have to be an AC.

Hate breaking it to you...

[Tuxedo Jack]

But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.

And yes, CoolWebSearch is a goddamned pain to get rid of. New variants are immune to Merijn's CWShredder; they require specialized tools (pv.exe, TheKillBox) to remove, and some even require booting to a command line (nearly impossible in XP/2000).

One guy at my office accidentally got some CWS variants on his machine, and the IT department - myself included - went through the router logs (school district, have to keep the logs, state law here) to see where he got it. This resulted in his getting fired (free pr0n site, and yes, he was logged in as himself).

In short, these little bastards really _can_ ruin your life and your machine.

Re:Hate breaking it to you...

[poulbailey]

> But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.

The Mozilla team is actively battling that. I'm confident that they won't let the situation escalate to IE proportions.

Firefox 0.9 will have a whitelisting permission system that disallows the installation of XPIs that don't come from trusted sites. It'll ship with a default list and let you add to it yourself as well.

It'll also block XPI installation triggered via onload, onmouseout and onmouseover. Check out bug 240552 and bug 238684 on Bugzilla for more on these issues (not linked because of a /. referer check).

Re:Hate breaking it to you...

[Tuxedo Jack]

No, it doesn't have much to do with me, except that I'm the resident antispyware guy at my school. That, and I'm a Helper on SWI.

I also had to break the news to the guy that he got canned. Let me tell you, there's nothing to bring your day down like that.

Theres got to be something we dont know!

[need2jive]

I seriously doubt that anything would be convicted as a sex offender just by a hisory of websites that his browser had been pointed to in the past. There has to be more to this than what we know.

Technical error

[42forty-two42]

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

All that means is that the cache got full, and those pictures were deleted. There's no point in putting data in unallocated space to begin with, and anyone with the technical skills to do so (add data without allocating a file) wouldn't be caught so easily.

Re:Technical error

[FartingTowels]

I guess they meant unallocated as in "not allocated for browser cache", e.g. in c:\myporn

Re:Technical error

[jpetts]

There has to be more to this than what we know

My thoughts entirely. The first question I asked myself was WHY were the Feds raiding his house in the first place?

Hmmm...

[dkirchge]

I may be expecting too much here, but it seems logical to me that even the most clueless luser might suspect that something was amiss if a flood of porn started popping up out of nowhere and at least ask a literate friend what's up. Like the first poster, I'm a little suspicious that this type of problem could go unnoticed for very long.

Spyware Woes

[RabidChicken]

I love Mozilla Firefox, love it. The AdBlock plugin and a custom host file keep me free of almost all ads, flash banners, and otherwise annoying Internet ads.
However, we like to preach about just switch and all your problems go away. For the most part that holds true, a switch to Linux, or even just Mozilla infinitely improves the quality of the computer.
However, most of the spyware comes as a result of user initiated stupidity or ignorance.
Now I understand stupid default choices by Microsoft and browser cause most of these problems, but if Linux does become a major player on the desktop (god willing) I think we will see more crappy scumware. Linux isn't a magic pill, just a better designed OS. It isn't idiot proof.
Right now I'm going to keep on recommending Firefox and keep getting signatures to get my school to, but in the future, I hope at least most of these problems will go away with the switch to linux (but I doubt it).

Welcome to the future.

[Gldm]

Where you don't need to do anything damaging or hurtful to commit a crime, just have the wrong information on your computer.

Yay for removal of civil liberties. Oh did the sites any of the images came from get sued? Of course not, it's not their fault they're publishing illegal material (if it even is illegal).

Because we all know looking at pictures is bad. I mean people always do bad things they see in pictures, right? I just can't wait until they finish the thought listening machine so we won't even need pictures for evidence. It'll just be "Hey you! You had bad thoughts about that person, you're obviously going to act on them, get in jail!" Or "Hey you, you thought about doing drugs! We can't have people using untaxed substances to enjoy themselves without hurting others, get in jail so you can learn to become a good consumer of only the harmful products our society approves of and generates money from at the expense of public health!" or "Hey you! You thought the person in charge of this country might be wrong! That's obviously not allowed, come here so we can kill you!"

Re:Welcome to the future.

[isorox]

Because we all know looking at pictures is bad.

True.

In other news everyone in the world that's seen the news in the last 2 weeks is being arrested.

Re:Welcome to the future.

[Alsee]

His insightful point was that if images of a crime are are themselves harmful, and if posession/looking at them justify prison, then we need to imprison everone who's seen all sorts of crimes on the news.

Either people aren't being imprisoned who should be, or people are being imprsioned who shouldn't be.

-

Re:Welcome to the future.

[Rob Simpson]

I'm no Randite, and I've never even read the book, but I remembered this quote:

"There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced or objectively interpreted - and you create a nation of law-breakers - and then you cash in on guilt."

- _Atlas Shrugged_

Re:Welcome to the future. (Slightly OT)

[Qzukk]

Any individual - most individuals, even - won't have any change of behaviour, but a measurable number will buy the advertised product because they saw the ad.

Wrong, wrong, wrong.

If this was the case, why haven't I got a giant stack of tampons here? I'm a guy, I don't use them, but I see all these advertisements for them, and by your logic I'm therefore compelled to buy them.

Unfortunately your logic simplifies things too much. You don't see an ad for shampoo, run out to the store and buy Head and Shoulders, and return home just in time to see an ad for Zest. No, there is a higher level at work here in rational people. An ad for Brand X Foo works because you need Foo and because you saw the ad for Brand X. These two combined cause you to act. I suspect even in irrational people something similar occurs, except that for those people up late nights compulsively dialing every toll free infomercial number, seeing the product also produces a need for the product.

Likewise, playing quake doesn't make you go out and kill people. You feel a need to kill people, then the fact that you play quake perhaps influences the manner of murder.

This isn't meant to condone child pr0n, as some child is being victimized to produce that stuff, but perpetuating this junk even to attack child pornography is wrong.

Re:Welcome to the future.

[Alsee]

Possesion of child pornography is not a "thought crime."

Right. It's criminal possession of information.

It gets particularly surreal when people try to justify criminalizing purely fictional information with purely fictional "victims".

If you go up to people without raising the emotional context of child porn and ask them what they think of the concept of "criminal possession of information", no criminal action to harm anyone, no criminal intent to do anything, just pure criminal possession of information, I think it would strike most people as absurd, as the sort of "crime" that only oppressive thought-control regimes like China would ever have.

The very definition of crime is supposed to be based on actually harming someone. Or intending to harm someone. Or knowingly assisting someone to cause harm. Or, at a bare minimum, recklessly risking causing harm to someone. Maybe I missed one, but there should be a very obvious theme here.

It seems pretty simple. If someone does any of those things then you throw them in prison, especially if they do one of those things to a child.

If someone doesn't do any of those things then you don't thrown them in prison, no matter how much you dislike it. I could list plenty of things that I really really dislike, but I have no right to point a gun at people and imprison them unless they HURT somebody.

-

Mozilla

[Ryan Stortz]

Not only will Mozilla (and Firefox)'s built-in popup blocking help you. They also do not support ActiveX scripting. You have to get a plugin for it, and even once you have the plugin installed the controlls are tighter.

Who's the moron that thought it'd be cool to embed executable code in a web page anyway? Well, he's not as big of a moron as the guy who let it execute ANY code.

Re:Mozilla

[Gldm]

I have no idea who [netscape.com] could have thought that using executable scripts [oreillynet.com] was a good idea. It was probably the same people [netscape.com] who thought up those annoying frames and then used their massive 85% marketshare monopoly to force everyone else to comply. I hope someone [microsoft.com] will someday give them what they have coming [wohl.com].

This...

[labratuk]

This reminds me of the saying "Nobody ever got fired for choosing Windows".

"No, but it did get someone registered as a sex offender."

You can't laugh this off, not even with Mozilla..

[Anubis333]

Malware is here to stay. I clean it of the computers of friends and family constantly. You can't hide behind Mozilla -or anything for the matter. You can use Ad-Aware [lavasoftusa.com] or the like, and that's about it. I gave up on trying to make others understand what 'safe browsing' habits are. Malware no longer requires you to click 'ok' to something. It just hijacks your system on page load. I myself had a Java based trojan install an ftp daemon in my system folder with an INI file that had accounts named 'xdcc-warez' etc.. I am very secure, but I wouldn't have known about this intruder unless my firewall would have reported the ftp daemon opening the port.

I have tried many types of virus protection and I refuse to run them. Symantec 2004 'Pro' or 'Corporate' is EXTREMELY intrusive. With *ALL* the auto search and protection off, it still runs many services that take over 15mb of ram! McAffee and everything else is about the same. I am all about performance, I will not have adware and virus protection software scanning every file written to my HD, every word doc I open, email I send, or page i visit; that's ridiculous; not to mention with all those things of, the services are still there for some reason. Also, I don't need a HUGE GUI interface with animated gifs and crap.

Spyware is here to stay, get some somewhat non-intrusive software to protect your family and friends, and as for yourself, I guess just check your firewall, and/or have it alert you when a weird program or service wants access.

Re:You can't laugh this off, not even with Mozilla

[c4Ff3In3 4ddiC+]

mmmmm.... F-Prot... Run it on a 200MHz Pentium with 64MB of RAM and you wouldn't know it was there. Small program, small memory usage, and updated almost twice a day.

Re:You can't laugh this off, not even with Mozilla

[Foolhardy]

I myself had a Java based trojan install an ftp daemon in my system folder with an INI file that had accounts named 'xdcc-warez' etc.. I am very secure, but I wouldn't have known about this intruder unless my firewall would have reported the ftp daemon opening the port.

Very secure? Running as an Administrator isn't secure. How did it create files in your system directory (assuming %SYSTEMROOT%\SYSTEM32 or anything else under \WINDOWS)? Non-admins don't have permission to create files there. Even if they did, it's not hard to change.

I am all about performance, I will not have adware and virus protection software scanning every file written to my HD, every word doc I open, email I send, or page i visit; that's ridiculous; not to mention with all those things of, the services are still there for some reason.

I agree that most AV software (esp Symantec and McAffe) is way too bloated. Still, with the autoprotect stuff off, there shouldn't be anything resident... I don't know for sure because I'm not running any anti-virus software anyways. Or a local firewall. My NAT router blocks all unsolicited incoming traffic; running my browsers as a lesser user and knowing what I am doing protectects me from local attacks.
I have had zero viruses, worms, malware, spyware, etc... in the ten some years I've been using computers. Yes, this includes my Windows computers. It's possible.

good malware

[mcguyver]

I received this link earlier today as spam... It took all the touble out of trying to find free porn on the net - thanks browser hijackers, whoever you are!

evil link to hijack your browser and force fee you porn [yahoo.com] - windows users click link at your own risk

Files in unallocated space

[lorcha]

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

Shame on you, Wired. From earlier in the article:

Jack originally believed that the images found on his computer were from a previous owner -- he'd bought the machine on an eBay auction.

Ok, here's what prolly happened:

1. Dude with his drive in two partitions downloads a bunch of pr0n and stores it on /dev/hda2 (or Windoze equivalent)
2. Porn-viewing dude decides to sell his computer on eBay.
3. Realizes that he can't very well sell it to someone when it's got child pr0n on it or he'll be goin' to jail
4. Nukes /dev/hda2 partition and thinks "ok, it's gone now. I'm in the clear".
5. Sells it to "Jack"
6. Jack gets his computer analyzed by the cops.
7. Jack gets fucked by the system.

Can I be a reporter now?

It is not that far-fetched at all

[maxmg]

Out of interest, when I rebuild my home server recently, I installed a fresh Windows XP (with SP1(!)), but nothing else. Then pointed my browser at www.netants.com (that site would probably deserve a good whacking) and sat back and watched the show.
Within five minutes, there was porn everywhere. The browser homepage (which also downloaded new tasty bits of spyware whenever the browser was launched), the favorites (it would take a determined smut-lover months to accumulate a list of porn sites that long!), the browser history, lots of links on the desktop, porn quick-bars, search bars, the start menu, and every other piece of mal-, spy-, ad- and crapware under the sun.

The scary thing is, I did not click on any buttons, links or otherwise. The website simply exploited IE flaws to install all this crap.
I then ran ad-aware [lavasoftusa.com] and spybot search and destroy [spybot.info] and the amount of shit that had been installed in about five minutes was absolutely staggering! After that, I continued using the machine for a few minutes, but could not shake the feeling that there was still a fair amount of *ware left on the box. I had to repartition, reformat and take a shower to feel clean again.

So it would be all too easy for Joe User, who does not quite grasp the concept of IT security in general and the necessity to upgrade in particular, to stumble upon a site like that and catch all that junk. After witnessing this, I will certainly be migrating my parents and other relatives to Linux/Mozilla as soon as I can.

I have now prepared an old laptop that I can restore quickly by re-ghosting with a virgin XP install. Every time I need to impress the importance of updating, configuring your system properly and generally staying away from MS software, I take the laptop along, open abovementioned site and ask people to clean up the machine. Normally they give up in disgust after firing up IE for the first time. Might be an idea to do that in court, too.

Re:It is not that far-fetched at all

[maxmg]

to clarify: netants is a download manager for windows that until fairly recently was free of spyware. It now comes with cydoor and all the stuff that gets in through the website. I used to use netants quite regularly, but have now switched to fresh downloads which does the job admirably. [freshdevice.com]

Re:It is not that far-fetched at all

[yuri benjamin]

After witnessing this, I will certainly be migrating my parents and other relatives to Linux/Mozilla as soon as I can.

Some folks will probably reply that when Linux gets more common, there will be crapware for linux too. This may or may not be the case (depends on whether you buy the "windows gets attacked because it's popular" argument). In any case, switching to linux will at least buy some time, since it will take a while for linux to get the user base required to make it a target for crapware.

Ditto for Mac.

Re:It is not that far-fetched at all

[Tim C]

Well, feeling brave I just pointed IE at that site and browsed around it a little and - nothing. No popups, no "please install this" dialogues, no browser hijacking, nada.

I keep my machine up to date with respect to patches, so it looks like whatever security flaws allowed it to act as you say have been fixed.

I had something like this happen to me

[nessus42]

I had something like this happen to me, but fortunately I wasn't arrested or fired: One day a while back I decided to clean up my Windoze computer a bit and logged into the default account, which I hadn't logged into in a long, long time -- typically I log into my own account. There were a few shortcuts on the desktop that I hadn't remembered puting there, so I double clicked on one of them and it took me to a kiddie porn site. I was not amused. The other shortcuts were also to kiddie porn sites.

I called up my ex-girlfriend, since she was the only other person who had ever used this computer, and I started ranting at her about how could she have been so cruel as to play that kind of practical joke on me. She clearly had no idea, however, what I was talking about.

So, it must have been some sort of virus, worm, trojan horse, or web-based vandalism that put those links there. Thank goodness I found them before letting a guest use the default account!

|>oug

New Virus Downloads Child Pornography

[Anonymous Coward]

London
Tuesday, 21st June 2004

Today, 23-old Welsh Web designer, Nomis Rollav, of Llandudno, North Wales confessed today for making the 'sextoy' computer virus and releasing it to the net. As one may have heared, 'sextoy' virus installs illegal pornograph and banned music content onto people's hard drives before spreading. The virus itself is quite clever, it tries to simulate a frustrated adult male anywhere between 3 and 5AM, it starts at one of 10 common sex portals and slowly browses, in a random sort of manner to other portals. It downloads to the unsuspecting user's computer videos of child pornography and even sodomy.

Where most viruses do minimal damage, or at the very most wipe someone's hard drive; the 'sextoy' virus is far worse. It has lead to a string of divorces across the bible belt of the United States. It has also led to widespread firing of employees in several fortune 500 corporations which have a zero tollerance for pornography. At the peak of the virus's life, it had prompted the jailing of innocent US victims by John Ashcroft and the US Justice Department.

When asked if he was repentant, Nomis replied: "Well, I'd do two things differently if I had a chance. First, I'd find some way to piggy back on other people's habits, for example, if they go to Fredricks or Victoria Secret regularly, I'd make sure to mix the vits to child porn sites with visits to their normal viewing habits. Second, I'd build an IM client support so that the virus can attempt to corner policemen disguized as underage females. Third, I'd make the virus a bit more self limiting; this one was far too successful."

Legal scholors across the globe are wondering how to make viewing illegal pornography enforcable. The recent push-back on legislation happened when US Senator Orrin Hatch's own computer became infected causing him to be picked up, accidently by the "p0rn police". The very next day Senator Hatch introduced legislation making it a terrorist act, and punshable by death, to make viruses which spread pornography. The legislation also makes those with assets of more than one million dollars immune to the anti-porn laws. Senator Hatch was not available for comment.

A total farse

[t_allardyce]

Its pretty stupid that we've got to the stage where simple web scripting can have so much control over your browser/computer. It seems that javascript for example was designed with no regard to security, or more likely badly implemented by the likes of Microsoft. The plain and simple fact is your browser should stop bad scripts and/or ask you if you want to allow something, its certainly not rocket science to implement that people come on - were talking "if script wants to open/close a window or go somewhere, ask user first" thats about 3 lines of code that should have been implemented back in IE 3, why wasn't it?

To a certain extent its now appearing, IE will tell you "This website wants to close a window, do you want to allow it?" too little too late. Most other browsers have built-in pop-up blocking but even they took their time. Its basic security-101 that if you're dealing with a script that can be run by anyone you restrict what it can do. Same thing goes for Microsoft Outlook VB scripting. If people implementing these things weren't idiots we would have actually gone through the 90's with out annoying pop-ups and Outlook worms!!!! can you believe that??!? Microsoft is pretty much single-handedly responsible for opening these holes and for nearly a decade no-one has pointed fingers!!! Can i even add any more exclamation points or question marks?!?!?!?! Ok so its not just MS but mostly it is, given their browser share.

Other than web scripting/activeX etc. etc. which could be easily secured, there's real OS level holes, and tricking users into downloading and running things. Again who do we all need to point at? I don't expect every computer user to know that downloading random programs can be bad, but at the very least warn them! or at least run that program with limited permissions automatically unless they override it!

I just cant understand why all this is allowed to happen? someone please explain?

Re:A total farse

[mabu]

One big problem is that Microsoft's custom security options are either vague or misleading. If you disable ActiveX, you can't run Windows Update, so you're left with leaving vulnerable systems enabled in places where you would prefer not. MS has a number of different names for different enabled/disabled features: active scripting, activeX, MicrosoftVM, data sources across domains... most people have no idea what this means. They can't merely say "disable Javascript", they have to bundle divergent services into misnamed categories making it difficult to figure out how to secure your browser or even what you're doing.

Internet Explorer's deliberately obtuse configuration interface is mostly responsible for this mess. Microsoft could add more options described in a more specific manner so users could make informed decisions over what features they want to enable/disable. Microsoft has apparently deliberately chosen to obfusicate their security options, specifically to avoid any user's finding easy ways to enable the more-secure non-Microsoft technology over the less-secure Microsoft "features."

Re:A total farse

[ewhac]

It seems that javascript for example was designed with no regard to security, or more likely badly implemented by the likes of Microsoft. [ ... ]

Alas, no. The blame for JavaScript may be laid firmly at the feet of Netscape, who invented it in part as a "respose" to Sun's Java. Any moron with even a passing familiarity with MSWord macro viruses would have realized that including and automatically executing code within what is fundamentally a document was a monumentally stupid idea. But no, they did it, anyway.

Microsoft doesn't get off scot-free, however. They uncritically re-implemented this braindamage and -- as first-hand observers of the problems caused by MSWord macro viruses -- had even less excuse for proliferating this.

Schwab

What do they mean by "Unallocated space?"

[geminidomino]

Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

When I hear "unallocated space", I think of, i.e., unformatted filesystems, unpartitioned hard drives, etc... Maybe they're referring to "deleted" files? A file would end up there from the cache if he clicked on the "empty cache" button fer chrissakes.

So, shall we vote whether to consider this poor shmuck the first casualty in Ashcroft's "War on pr0n?"

Troll site defeats mozilla popup protection

[phr1]

This bit me in the Plextor 12x burner thread:

http://plextor.bounceme.net/

No I'm not going to link it; you can paste it yourself. WARNING, it goes to a browser hijacker that puts up a cascade of goatse.cx variety shock pictures. Not work safe. It completely wedged Mozilla 1.6 when I clicked on it. I didn't try in 1.7. Blecccch. If you look at it, don't say I didn't warn you. Note that if you turn off Javascript, you just see a blank page.

The JS in it also tries to capture the text from your clipboard and send it to the remote server, though I hope Mozilla isn't stupid enough to let THAT operation work.

I'd go after the IT guy

[digitalgimpus]

It says in the article:

"Eventually, thank God, IT found some program on there that they said could have caused the problem. But for eight days I was sure I'd be fired, and I was terrified. I have a family to support. Jobs aren't easy to come by these days."

But they apparantly still filed a police report.

Quite possible a false police report? Either way, it wouldn't be a bad idea for the DA to open up a little investigation into the company's IT department to see if they were withholding anything, or intentionally overlooked things.

Something doesn't smell right about this case. I've got a gut instinct that company of his found an opportunity to make an example of him for the infamous "no personal use" policy, and decided to exploit him... and it just got out of hand.

If that guy went to jail...

[Compulawyer]

AND IF he is telling the truth about not actually surfing to child porn sites, then he is a victim. I have a hard time believing that malware caused his browser to go to kiddie pr0n sites. I have a slightly easier time believing that the kiddie pr0n images were on the drive when he boght the machine from eBay. But what I find notable is the lack of any detail regarding what investigative steps his defense lawyer took to see if he was truly responsible.

Until lawyers get technically savvy, laws affecting technology will be terrible.

yrs in prison etc...before the investigation? yes!

[Dever]

having been subjected to a public defense attorney before (and no, not for kiddie porn) i can attest that it is in their best interests (and the prosecutor, don't think there isn't some unspoken knowledge of how this works between them) to instill fear into a defendent and recommend they take a plea bargain before even ASKING te defendant what really happened.

a public attorney is awarded a wage, that is added to the fines of the convicted person. it isn't worth their time to go to trial and waste a bunch of money when they can just get the defendant to agree to a plea and at that point count on a thousand (or more) or so bucks payoff RE that case all for just visiting jail a few times and showing up in court once or twice.

from all the people i spoke to (yes, spoke to *in* jail who were serving time) it's common to sit down, and have them tell you you're looking at 3-4 years in prison (this of course varies) and recommend you just take a plea, all without even fucking asking about your side of the story.

yes, i'm bitter about it, but even moreso i'm angry for all the people whose lives get caught in the justive systems interminable process of rapid conviction commerce.

i can give you one rule, and it of course might be more obvious to some than others (like a frightened 18 year old in jail, or anyone else really) is that ALWAYS get a private defense attorney, NEVER trust your life with a public defender.

Interesting quote

[jfdawes]

"Committing a felony is very easy; it just takes one click."

The guy should sue Amazon, they have the patent on that

This happened at my former employer's site

[Lord Kano]

There were training rooms set up with several computers around the perimiter. One day during a training session, while no one was seated at it, out of apparently nowhere a popup ad featuring big bouncing naked breasts came up.

Since no one was using the machine at the time, it was obvious that it had been hijacked. If some poor sould had been sitting there at the time, they would have either been fired on the spot or placed on a "final warning" for it.

LK

Computer + Internet = potential risk

[cpu_fusion]

Given the known fact that many (MANY) exploits have existed for browsers such as IE, and many still exist as zero day exploits, one has to wonder how ANY CONVICTION can occur based on the activities of a computer system without a confession, (coerced or otherwise.)

Once malware is running on your system, it chooses what to do -- or rather, it's author chooses to do. Sure there are possible defenses to malware, but none of them are foolproof. The vast majority of Internet users are spread eagle on the information superhiway, relying on Bill Gates to guard their anus.

In fact, there is no way to prove that any activity originating from a computer system was produced by the user at that computer system short of either filming them doing it (and you gotta love digital film folks!) or hooking up a device to their brain. (Wait a few years for that.)

Not convinced? A trojan can install itself without detection, do whatever the hell it pleases, and cover its tracks completely. All it needs are the right holes, and if you don't believe the holes are there to be found then you obviously don't read the news. Just imagine if that teenager from Germany caught this last week had decided his worm should mail death threats to public officials, or download illegal pictures, before shredding itself completely off the hard drive after propagating. The malware writers have, on the whole, been very very kind and very very stupid so far people; well, at least the trojans/worms/viruses/spyware we know about.

Even going beyond this, there's always the question of physical security on a machine. If someone can access a computer physically, chances are they can plant whatever they want to on it, AND YOU WONT BE ABLE TO DISTINGUISH IT FROM NON-PLANTED EVIDENCE. That, my friends, sucks.

The digital world is a scarey scarey place. Gone are the physical evidence trails. And don't think prosecuters dislike this new domain; it makes their job easier, not harder. Prosecuters don't have to consider the very real possibility that the actions of a computer system were hijacked. They only have to MAKE THINGS TERRIFYING ENOUGH for you to force you into the only rational decision; to take the deal, to sell out the truth and your rights to a jury trial because the cost of trying to convince someone on a jury that a completely untraceable event is possible in this digital world, something tantamount to "magic" in the real world happened. Good luck!

Cheers and remember, there's really no way you can prove I posted this

Salem Witch Trials: history repeating

[ajs318]

In order to make any sense of this, we need to understand a bit about psychology. Men today are basically -- and with good reason -- shit-scared of being accused of any sexual offence, but especially paedophilia. You only have to look at the news reports on TV and in the papers.

So we live in denial. We try to pretend there is no such thing. But as soon as a real, live person is discovered who is suspected of being a paedophile, then a defensive mechanism which dates back to cave-man times kicks in. We are so desperate not to be that suspect, because we are doubly afraid -- revulsion at the thought that we might be capable of doing that, plus fear of the punishment we are conditioned to expect. All the time, we are exposed through the media to a gamut of images such as Britney Spears dancing erotically in clothing reminiscent of school uniform. And children -- especially girls {Western society has pretty much abandoned boys altogether, but that's another story} -- are adopting what would traditionally have been seen as the trappings of adulthood at a much younger age. These conditions are an ideal breeding ground for irrational behaviour.

People attack suspected paedophiles because they don't want to be suspected of paedophilia themselves; and if you are in a vigilante mob, baying for blood with the rest of them, then obviously nobody else in that mob thinks you would make a good next victim.

Mac OS X

[xirtam_work]

I switched from Windows to an iMac with OS X last year. I have no problems with spyware, viruses, malware, whatever at home.

At work it is still a nightmare to deal with all the PC's I have to maintain - especailly the home PC that belongs to my boss. His kids are constantly downloading shit and installing it - sometimes without knowing.

Re:Yeah, that's highly likely!

[Vampyre_Dark]

That would require some form of intellegence at the justice department.

Re:Yeah, that's highly likely!

[Short Circuit]

It doesn't matter if there's evidence that the defendant is not guilty. In fact, they're probably inclined to ignore any they find.

Their job is to attempt to prove to a judge or jury that the evidence that the defendant is outweighs the evidence that he isn't. And, unfortunately, a lot of people don't have a problem with "those nasty criminals" being convicted on quetionably evidence.

Re:Yeah, that's highly likely!

[jebell]

I am a lawyer, and a former prosecutor, to boot. I never worked in a sex crimes unit, but I thought I'd offer my thoughts:

I didn't see that this was a federal case, so the Justice Department probably wasn't involved. If I missed it, I'm sure someone will correct me, but I don't think the feds just go after a guy with a few pics on his computer. It's more likely local cops and prosecutors.

That said, generally prosecutors have to turn over exculpatory evidence. Prosecutors are not permitted to second-guess what's exculpatory and what's not. If they don't turn something over, the defense can ask the judge for a number of sanctions, the most extreme of which is a dismissal of the charges. No prosecutor I know of would risk that or risk being made a fool of in front of the judge. Naturally, there are going to be instances where the prosecutor doesn't turn something over because of an oversight and there are very rare cases where prosecutors intentionally withhold evidence.

One comment indicated that the prosecutors should be able to tell whether or not the pictures happened all at one time or spread out over a span of time. The prosecution is required to turn over the evidence only; not their intepretation of the evidence. So, they'd have to either (1) turn over a perfect copy of the hard drive; or (2) allow the defense to examine it. If they employ an expert, however, they'd be required to turn over his opinions and the bases for them.

Re:Yeah, that's highly likely!

[jebell]

No problem; I enjoy contributing to conversations I have some knowledge about, instead of just pretending like I normally do. System-wide abuse is a lot less prevalent than it used to be. When I was a prosecutor (2000-2002), my jurisdiction had about 10 different police agencies that would submit cases to be prosecuted, in addition to some other specialized state agencies. For the most part, the police were pretty clean. A couple of the agencies had a reputation for shoddy police work, but nothing abusive. I learned pretty quickly which cops were honest and which weren't. Thankfully, there were only a few dishonest cops. A few more were just lazy, which can be just as bad as dishonest, but for the most part they did a good professional job.

Coincidentally, my father is a retired FBI agent. I've never dealt with the FBI in a professional setting, but I know a little of the history. The FBI under Hoover was used to keep track of all kinds of people that Hoover saw as a potential threat. Thus, the FBI investigated everyone from Martin Luther King, Jr. to Elvis Presley. They undoubtedly used means to discover information that, by today's standards, would be considered illegal and abusive. Most of the time, this would not be a problem for the FBI because the sanction for obtaining evidence illegally is to throw the evidence out. If they're just keeping tabs on you and you're never arrested, there's little chance that you'd ever know about it.

That said, the FBI was usually way ahead of its time when it came to ensuring that they got their man. For example, they were employing Miranda warnings long before the Supreme Court issed the Miranda v. Arizona decision, which required the police to read a defendant his rights before questioning him.

One of the really great contributions of the FBI is that, wherever they interacted with the local police, they would encourage the local cops to adopt the same practices. This ultimately led to the creation of the FBI National Academy, where local police forces send their cops for training on legal issues as well as investigation techniques.

Re:Yeah, that's highly likely!

[shadowbearer]

A serious (and somewhat general, since you're here) question:

How much ignorance do/have you seen with regards to somewhat obscure computer knowledge such as browser caches (or tmp files, or /var/log files)? I know you said you haven't dealt with sex crime_internet cases, but I'm more interested in the IT cases overall.

Who does the presiding judge tend to believe - those who can present the case in the terms the judge can understand, or the experts who really are cognizant of the technology involved? Is there a significant ratio?

(I know they are not mutually exclusive, I'm wondering about the cases where they weren't, which in IT patent cases seem to be too often.)

SB

Re:Yeah, that's highly likely!

[lonesome phreak]

To quote from the article:

Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.

He said that however the pornography arrived on Jack's computer, "the evidence wasn't handled properly, and his lawyer did not do his job."

Jack said he opted not to fight the charge because his lawyer told him he would probably receive a harsher sentence if he went to trial.

It seems he was scared into just accepting whatever was handed to him. It never went to trial, never in front of any jury. I know the feeling...I was in a similar situation. Not from pornography, but something else. I didn't bother fighting it due to lack of resources:

"The police raided my house on Sept. 17, 2002," said "Jack," who came to the United States from the former Soviet Union as a political refugee, and has requested that his name not be published. "Nobody gave me a chance to explain. I was told by judge and prosecutor that I will get years in prison if I go to trial. After negotiations through my lawyer I got 180 days in an adult correctional facility. I was imprisoned for 20 days and then released under the Electronic Home Monitoring scheme. I now have a felony sex-criminal record, and the court ordered me to register as a predatory sex offender for 10 years."

Basically, this guy was afraid of something worse happening, so he didn't fight it at all...

"They are very eager to get conviction," Jack said. "Nobody can fight those powers.

He knows that he can't fight a system stacked against him. I wonder if he had a "public defender".

Re:Yeah, that's highly likely!

[mpe]

It seems he was scared into just accepting whatever was handed to him. It never went to trial, never in front of any jury. I know the feeling...I was in a similar situation. Not from pornography, but something else. I didn't bother fighting it due to lack of resources:

This is more of a "lawyer problem" than a computer problem. There are cases of this kind of thing happening with people accused of all sorts of things.

He knows that he can't fight a system stacked against him. I wonder if he had a "public defender".

One who would prefer that his/her clients plead guilty or "plea bargin" rather than actually take any case to trial. In some cases this appears to be the specific policy of law firms. The people who tend to be "railroaded" in such cases are those unable to afford to pay their own lawyer and who are not habitual criminals (these tend to know how to "play the system".)

Re:Yeah, that's highly likely!

[Sycraft-fu]

Well that's just it, prosecutors are free to ask for a guilty plea at any time. As soon as you are charged (or indicted if the crime is serious enough to require it), they can ask you to plead guilty. You are not, however, required to accept the plea bargain.

A plea bargain is just that. The prosecutor offers to cut you a deal in the form of less time in jail and maybe lesser charges in exchange for a plea of guilty with no trial. The reason for this is trials are expensive, and not a sure thing. So if you are guilty, and if they have evidence that is likely to show you are, it is in your best intrests to take a plea bargain.

However they can't force it on you. You are gaurenteed your day in court. So, if you are innocent, you should NOT take the plea. Espically if there is exculpatory evidence. You can have your own experts look at the evidence, and, as noted, get the results from their expert. They aren't allwoed to say "nope, can't see what we are doing". You and your lawyer can, and should, look over their findings if you innocent to tear them apart.

Re:Yeah, that's highly likely!

[jhylkema]

This is not legal advice. You are not a client. I'm not even an attorney. If you want legal advice, contact an attorney admitted to your jurisdiction's bar. What I am saying here is probably 100% wrong and if you do anything in reliance upon it, you are a blithering idiot [guardian.co.uk] who deserves whatever bad shit [nwsource.com] is very likely to befall you.

Okay, now that the requisite idiot-proofing is out of the way . . .

The US Supreme Court [supremecourtus.gov] passed on this issue a long time ago. The case was Brady v. Maryland [findlaw.com] 373 US 83 (1963). Quoth the headnote from the opinion:

Suppression by the prosecution of evidence favorable to an accused who has requested it violates due process where the evidence is material either to guilt or to punishment, irrespective of the good faith or bad faith of the prosecution. Pp. 86-88.

Another US Supreme Court [supremecourtus.gov] case to pass on this issue was Kyles v. Whitley [findlaw.com], 514 US 419 (1995). Here, Kyles was arrested with the murder victim's car, her groceries, and her purse. He was convicted and sentenced to death. He almost definitely did it, but because the prosecutor failed to turn over possibly exculpatory evidence, his conviction was tossed and he was released from Angola prison. So yes, the prosecutor does have to disclose possibly exculpatory evidence and no, it does not vary from state to state. HTH

Re:Yeah, that's highly likely!

[Anonymous Coward]

Amen. Good stuff from TFA:

Telling people that "the computer" is downloading pornography on its own often provokes smirks and disbelief.

"I have to say it's like insisting the dog ate your homework," said Jeff Bertram, a systems administrator in New York City. "Are you going to admit that you downloaded porn to your pissed-off spouse or employer? Or to a judge? Hell no, your honor, it wasn't me. The browser did it."

Bzzt. Bullshit alarm. Spammers lie, well, so do ordinary people. Parent is dead-on,

Re:Yeah, that's highly likely!

[Short Circuit]

Well, I hope he appeals. And gets access to his hard drive, so he can have his own experts analyze the data.

Like another poster said, you should be able to determine something from the timestamps on the files.

If the data's missing, or even more recently accessed than when he last had the machine, he could also go after the Justice Department for destroying evidence.

As an aside...I've got a friend who's on the sex offender registry here in Michigan. He'd been accused of sexually abusing the child of a woman he'd thrown out of his house. (He'd been telling her to get a job and find another place to live for months...finally, he just threw her out. She turned around and filed charges. No medical evidence was offered, but it was still a better deal for him to take a plea bargain.)

It ain't pretty, and I pitty anyone who's been put on there without having actually done the crime.

Re:Yeah, that's highly likely!

[jebell]

Well, I hope he appeals. And gets access to his hard drive, so he can have his own experts analyze the data.

What's he going to appeal? It was a plea bargain; he gave up most of his appellate rights. The only thing that stands out in my mind is that he could file an appeal based on ineffective assistance of counsel. In my experience, though, he wouldn't be likely to do this for two reasons: (1) appeals are extremely expensive; and (2) a claim of ineffective assistance of counsel has to be predicated on some kind of extreme negligence or malpractice on the part of the attorney. Bad advice alone isn't enough to warrant a reversal of his conviction.

Plea bargaining is not a good deal.

[yog]

I've seen a similar scenario up close, except that it was her husband and her brother that she accused of sexual abuse of the children. She had been going to a "religious" group for years and basically had been inducted into a cult; apparently when the husband started objecting to how she was siphoning money to these crooks they told her to make these false accusations in retaliation.

The men wisely chose to fight the charges, and both the brother and the husband ultimately were completely exonerated. The husband won custody of the children, and the accuser has lost all credibility. Before he was cleared, the brother, who had just finished eight years of grueling 120-hour weeks to build his medical career, spent about six months wondering if the next knock on the door was going to be the police come to lock him up and destroy his life in the blink of an eye.

Playing the pedophilia card has become a weapon for vicious and cynical people; it's easy to horrify juries with graphic descriptions of pedophilia, and children can be coached to say almost anything. Lives have been ruined, careers destroyed, and children traumatized almost as much as if true pedophilia had occurred.

This is not to say that there aren't plenty of pedophiles out there who need to be incarcerated to protect society, but it's such a travesty of justice that someone could easily wind up in jail or on a sex offenders list for the rest of his life as the result of a false accusation. If the accusee is innocent, plea bargaining is never a wise move, no matter what one's lawyer advises. Lawyers are out to help themselves, not their clients. Fight them, take lie detector tests, show them your home PC, whatever it takes to establish your innocence. This Russian guy was tragically mislead by a crook with a law degree; I hope he can somehow clear his name but he's into it pretty deeply now.

Re:Plea bargaining is not a good deal.

[bckrispi]

If the accusee is innocent, plea bargaining is never a wise move, no matter what one's lawyer advises.

If you live in Arizona, it's often better to cop a deal even if you are innocent. Punishments for Crimes against children in this state are particularly harsh. If you're convicted in a Jury Trial, you'll be facing mandatory consecutive sentences If you're accused of touching a child 10 times, that's a mandatory 10-24 year sentence for each charge. That's 100-240 years in prison without possibility of parole. If I, as an innocent, were faced with this situation, I'd really have to consider a plea bargain rather than take the risk.

I'd consider..

[trezor]

..hiring a hitman for whoever set you up or falsely accused you.

Seriously. If the punishments are this hard, and it's easy as "the touch of a button" getting people convicted, you guys have a problem.

People getting killed for such abuse of the legalsystem might set the balance more straight, though.

/not endorsing murder, but not endorsing ruining innocent lives either

Re:Plea bargaining is not a good deal.

[Maestro4k]

• The men wisely chose to fight the charges, and both the brother and the husband ultimately were completely exonerated. The husband won custody of the children, and the accuser has lost all credibility.

They were lucky, but I have to wonder, were they really completely exonerated? Legally I'm sure they were, but in the court of public opinion, did everyone hear about the exoneration? Did they believe it? I highly suspect the answer to both will be no.

• Playing the pedophilia card has become a weapon for vicious and cynical people; it's easy to horrify juries with graphic descriptions of pedophilia, and children can be coached to say almost anything. Lives have been ruined, careers destroyed, and children traumatized almost as much as if true pedophilia had occurred.

This is very true, and the major problem is that the mere playing of the card is all that's needed to destroy a person's entire life. No proof of guilt needed. The public all hears about it on the news (and the news media LOVES to report these things, very sensational you know) and that's it, the guy's a pedophile and they'll never think differently.

Many people win the legal battle and lose the war big time. They end up having to move, change their name, etc. just to live a normal live -- even though they were never convicted (and in some cases even charged) with a crime.

This is sadly a horrid abuse of our justice system. I keep hoping someone whose life was ruined in a case like this will turn around and sue their accuser and the media for it. I'm not one to normally advocate lawsuits, but these people's lives are ruined by the media sensationalizing things. Since it's not sensational (or even interesting apparently) to report when the charges are dropped, the case is lost, the accuser found to have made it all up, etc. the media almost never reports about the exonerations of acussed pedophiles. Perhaps losing a hefty lawsuit or two would get them to either 1) start reporting the exonerations with as much vigor as the accusations, or 2) stop reporting things before there's at LEAST a charge filed. Either of those would help immensely. Sure there'll be those who hear about the exonerations and not believe them, but if they're regularly reported the harmful affects of the accusations would be mostly negated. (And I suspect a lot of people would be surprised to find out how many acussed of these types of things turn out to be innocent.)

On the bright side, if that happened, the ability to play the pedophile card irresponsibly would probably mostly stop. After all if the ability of it to harm innocents goes away, it's of no use to those that currently abuse it.

Re:Yeah, that's highly likely!

[jebell]

Ummmm... I don't think "contingency" means what you think it means. A contingent fee is a fee that is collected based on the amount of the award. The most common use of contingent fees is in personal injury cases; if you've ever watched TV, you know darn well that Dewey Cheatham and Howe doesn't cost you a cent until and unless you collect.

Furthermore, it's considered unethical (I know, I know, insert lawyer joke here) to collect a contingent fee in a criminal case. Why? Because then attorneys wouldn't take criminal cases they knew they would lose and poor Joe Child-Molester would never find competent counsel (contrary to popular belief, public defenders are only available to the indigent; most jurisdictions require a person seeking a public defender to disclose their financial information).

Re:Yeah, that's highly likely!

[malchus842]

Maybe. But do you want to bet your future on your lawyer convincing a skeptical judge and jury that it was a technology problem? After all, they have evidence that the pictures were on your machine, under your control. I don't think I'd want to bet my future on that.

Moral of the story - use pop-up blockers. Run AdAware. Run AV software. Get some software that wipes unused areas of your hard disk and "shreds" files you delete. Be paranoid.

And yes, in the "old" days I ran into the same problem that the person described in the artcile had, but I was savvy enough to clear up my machine, wipe out the last vestige of those files and run software to wipe the unused area of the hard disk with random data.

Re:Yeah, that's highly likely!

[BrynM]

But do you want to bet your future on your lawyer convincing a skeptical judge and jury that it was a technology problem? After all, they have evidence that the pictures were on your machine, under your control. I don't think I'd want to bet my future on that.

That might be as simple as looking at the Judge's PC. I bet Spybot would find a few untidies in there with the associate pictures to help too! Then we'll look at his SPAM...

Re:Yeah, that's highly likely!

[gl4ss]

so moral of the story for normal people is: become a magician?

*"Nobody gave me a chance to explain. I was told by judge and prosecutor that I will get years in prison if I go to trial. After negotiations through my lawyer I got 180 days in an adult correctional facility. I was imprisoned for 20 days and then released under the Electronic Home Monitoring scheme. I now have a felony sex-criminal record, and the court ordered me to register as a predatory sex offender for 10 years."*

huh? you actually NEGOTIA

Re:Yeah, that's highly likely!

[Hatta]

Yeah, the plea bargain system is fucked up. It just encourages police to charge people with worse crimes than the state can support, and extort a confession out of possibly innocent people.

Think about it. If you exercise your right to trial by jury, and lose, you may well end up with a much worse sentence. What this amounts to is the government punishing us for exercising our rights! Allow me to requote Chief Judge William G. Young of the Federal District Court in Massachusetts, from an excellent article [cato.org] (warning PDF) at theCato Institute [cato.org].
For completeness, there is a companion article [cato.org] in favor of plea bargains.

Evidence of sentencing disparity visited on those who exercise their Sixth Amendment right to trial by jury is today stark, brutal, and incontrovertible.... Today, under the Sentencing Guidelines regime with its vast shift of power to the Executive, that disparity has widened to an incredible 500 percent. As a practical matter this means, as between two similarly situated defendants, that if the one who pleads and cooperates gets a four-year sentence, then the guideline sentence for the one who exercises his right to trial by jury and is convicted will be 20 years. Not surprisingly, such a disparity imposes an extraordinary burden on the free exercise of the right to an adjudication of guilt by one's peers. Criminal trial rates in the United States and in this District are plummeting due to the simple fact that today we punish people-- punish them severely -- simply for going to trial. It is the sheerest sophistry to pretend otherwise.

Re:Yeah, that's highly likely!

[Evil MarNuke]

you actually NEGOTIATE such things before the thing is even INVESTIGATED properly?

Yes you do. Let say something happened and you are arrested on Thursday. They charge you with a crime and you are now looking at five years in jail. Friday morning, the judge sets bail at $50K. Your checking account has little over $1k and there about $3k in savings. You rent an apartment and drive a car valued at about $10k with $8k owed. You also have a wife and a kid. A lawyer costs about $20K to go to jury trial, but it will take three month to go to trail. In the mean time you sit in jail. A bench trial costs $3k, which is nothing more then a better pea bargin then the public defender can offer. It also gets you out of jail until trial. The public defendent is free, but is only intrested in pea bargining. They offer a pea bargin that will get you out in a 20 days, but you are on probation for five years and have a felon convention now. What do you do?

predatory_ sex offender, sounds kinda nasty doesn't it?

Would you rather be a plunder of kiddie sex offender?

besides in what kind of a nation that even pretends to be free if you're thrown into jail without a 'chance to explain' ie. hearing with an expert?

A nation that is intrested in profitting from crime. The cost to keep one person in jail for a year is about $25K. There are over 2 million people in jail in American (22% of the world jail pop,btw). That means incarcerating people is a 50 Billion dollar industry!! That's not including lawyers, court cost, judges, cops, probation fees, the value of prison labor used by private companies. In fact, most states spend more to build more jail then on colleges!!

The basic truth is there is a big money in criminalizing people. That's why if you are the one on wrong side of the law, you will get fucked. And only the o'mighty dollar will save you.

Re:Yeah, that's highly likely!

[trawg]

Moral of the story - use pop-up blockers. Run AdAware. Run AV software. Get some software that wipes unused areas of your hard disk and "shreds" files you delete. Be paranoid.

It sure is a pity this stuff isn't built into the Windows operating system.

Oh, yeh, that's right - if Microsoft did actually do this, they'd just absorb another anti-trust suit and get accused of using their 'monopoly' to put all those hard working anti-virus/anti-spyware companies out of business.

Anti-trust vs Anti-virus

[bigsteve@dstc]

Oh, yeh, that's right - if Microsoft did actually do this, they'd just absorb another anti-trust suit and get accused of using their 'monopoly' to put all those hard working anti-virus/anti-spyware companies out of business.

This is way off. Microsoft were not slapped with the web browser anti-trust lawsuit because they bundled IE. The lawsuit was because of clear anti-competitive behaviour:

1. They gave away the unbundled versions of IE for free.
2. They made it very difficult for end users to get rid of the bundled install of IE (post Windows 95)
3. They forbade ISVs from putting other browsers on the Window desktop.

If Microsoft were to fix the security / virus / spyware related problems in Windows, this would not necessarily be an anti-trust issue. It would all depend on whether they used their monopoly position unfairly.

Re:Yeah, that's highly likely!

[StevenMaurer]

The problem is that it's not easy to "prove". File creation dates can be manipulated pretty easily.

Now is it easy for prosecutors to essentially figure out? Yes. But then you are at the mercy of whether the DA wants to make 'an example' of you, regardless of whether you actually committed the crime.

This happens more often than you might think. It's a pride thing. Furthermore, in certain jurisdictions, it's a job performance thing too -- prosecutors are evaluated on their conviction percentage.

Trust me. No matter how obvious the facts are, the best way to stay out of the system is to never get in it at all. Miscarriage of justice isn't just something that happens in Iraq.

My mom's PC

[microbob]

Heh, last time I visited my parents my mom complained about all the porno pop-ups. I was like *holy shit* when she showed me what was going on.

Ran ad aware and she had about 280 spyware/crapware programs on her PC (goddam elf blowling program :>)

After we ran that and Search and Destroy, installed Mozilla and ZoneAlarm her system runs much better.

I can see a shred of thruth in this guy's story, but all my porno is placed on my system on purpose (and no, no kiddie stuff :>)

-mb

Re:My mom's PC

[trawg]

(goddam elf blowling program :>)

ummm, where's the typo here, exactly? What is your mom up to?!

illegal porn

[phorm]

Which brings me to the question... if a program installed is popping up porno sites that include illegal material (kiddy, animal, etc), shouldn't the perveyor of that software (or the parent software which installed it etc etc) be liable?

I've not seen it myself, but I just recently ran into a low-tech computer user who proclaimed that his computer was getting popups of porn and, to quote, "sick shit, like kids and stuff."

I've had various sites sent me to popup hell with advertisements for so-called "lolita" porn, some of which is definately of dubious legality. I've not yet had any software do so, but then again I haven't accidentally installed such crapware in quite awhile.

If I were to be able to trace what were popping up the "sick shit," would I then be able to get a criminal investigation into the parent company. Moreso, could I do so without getting those with the actual material it downloaded (browser cache etc) nailed for having such things on their PC?

Re:WARNING: Mozilla cannot protect you

[Ravadill]

This gets past the Mozilla/Firefox blocker by using target="_blank" which somehow bypasses it.

Add the following to your user.js to stop it:
// disable target="_blank" (open in same window):
user_pref("browser.block.target_new_wind ow", true);

Stolen from Texturizer.net:
http://texturizer.net/firefox/tip s.html#beh_blank

My browser-hijacking horror-story

[The Famous Druid]

I mis-typed the URL of my preferred search-engine, and ended up at a typo-squatting porn-site that proclaimed itself to be
"The official internet incest site" and filled my screen with a series of images best left undescribed.

It did the usual thing, you close one window and it opens another 2, and I was at work so after a few seconds I took the brute-force approach and turned off the power.

I pulled the network plug, re-started the computer, and fired up the browser, sure enough, the browser immediately tried to access the same site. It took me over an hour to clean the f**king thing off my PC, all the while being secretive about the whole thing because I didn't want to explain to the boss why I had these websites in my browser history.

And I couldn't even report the bastards to the cops, as there was an article in the paper a few months earlier about someone who had a similar experience, called the cops, and ended up facing criminal charges as they took his complaint as a 'confession' to the crime of downloading child porn. I never heard if he was convicted, but call me a coward if you like, I'd rather not try my luck with the court system.

So, nudge-nudge-wink-wink all you like, but it does happen, and one day it may happen to you.

Re:Proof?

[canajin56]

"We found the gun, and the bullets match the ones found in the body. Additionally, there was video evidence of the killing, and we found traces of the victims blood on his shirt. He claims he was visiting his mother at the time, and has no idea about the blood and the bullets. If he was out of state, his mother should be able to verify his claim"

"Outragous! Whatever happened to 'innocent until proven guilty'???"

For those of you who don't get the example, nothing happened to "innocent until proven guilty." The phrase means that, up until you have been proven guilty, you are not to be treated as though you are guilty. What it does NOT mean, despite what everybody seems to think it means, is that you are not required to prove your innocence. You most certainly are. However, the prosecution is required to prove your guilt. If the proof is so flimsy that you do not have to defend yourself, it most likely would not go to trial. However, if the proof against you is solid, you will be convited unless you prove your innocence. Optimally, it would not be possible to prove somebody's guilt unless they were, infact, guilty. However, the world is not perfect. There are instances where evidence indicates you did something that you did not. In those cases, you can and should present an alternative explanation of the evidence. Presumption of innocence does not enter into it. This guy is not at all required to prove that a virus/trojan/worm downloaded the pornography. However, there is 100% solid evidence that he had said child pornography in his possession. If he does not prove his innocence, this is a sufficient proof of guilt.

Re:stop this? me?

[Mr.Radar]

Spybot Search & Destroy [kolla.de] (best and most up-to-date IMHO)
AdAware [lavasoftusa.com] (the original big one, not as up-to-date as Spybot S&D, but it still catches stuff Spybot doesn't)
HijackThis [spychecker.com] (for the really nasty stuff that the others don't get, though this can mess up your computer if it isn't used properly)
SpywareBlaster [javacoolsoftware.com] (it isn't as good as the others mentioned, but it still couldn't hurt)

Re:stop this? me?

[GlassUser]

The root of the problem is that your systems are not correctly configured. You should not give administrator/root access unless they're a systems administrator, and they know to use it only to do administrative stuff. NEVER run a web browser as an administrator.

I made a script that will fix a lot of the symptoms, and part of the problem, for windows machines. It will not fix the user issue though.
http://www.jordanmills.com/prunev3.vbs [jordanmills.com]

Re:stop this? me?

[IvyMike]

what's the best way to get rid of this crap?

• Ad-aware [lavasoftusa.com]
• Spybot [safer-networking.org]
• Cool Web Shredder [spywareinfo.com] Specific to CWS, but if you've got that, this is a necessity
• And while you're at it, for your own computer, don't forget the virus-checker, the hardware firewall, and maybe even the software firewall. Public computers are a Wretched Hive of Scum and Villainy, so if you're forced to use them, mentally adapt your practices to account for that. (Expect every virus/trojan/keycapture program written.)

And for the love of all that is holy, tell everybody you know to stop using IE. If you're the tech support guy for your friends and family, have them start using firefox. Because sooner or later, if you don't, they'll get CWS and you'll be at their house helping them for a LONG time.

Oh my...

[susano_otter]

Once again absolute rules screws common sense.

For example, here's an absolute rule:

If there is no intent, there should be no crime.

And here's some common sense: while you can deduce intent from physical evidence and documented actions, it's the evidence and actions of the suspect that make the crime, not the idea. What your rule demands is that we prosecute thought crimes, and only thought crimes.

The man probably didn't want to open up the string of popups,

That's a good guess, but how accurate is it? How trustworthy is it? How sure can you be that the man did not want to open all these pop-ups (either for their own sake, or as an acceptable side effect of some other intentional act)? Shouldn't you be looking at the actual physical evidence and documented activity, in order to determine what crime has been committed, and by whom? Basing your investigation on a wild-ass guess about the ideas in the head of the suspect doesn't seem very much like common sense to me.

therefor is not responsible for this.

Once again, absolute rules screw common sense.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Defense based on a trojan horse

[elegie]

Security expert Bruce Schneier has talked about what he calls the trojan defense [schneier.com]. He mentions several cases in which an illegal action was traced to a specific computer system, but the individual who was at the system claimed that a trojan horse was responsible for the action. In one case, an individual was suspected of launching a distributed denial of service attack, but they were acquitted after arguing that a trojan was responsible. In two other cases, individuals were charged with downloading illegal p

Re:What does this mean?

[mabhatter654]

So he could have been punished even after he thought he rightfully deleted them!!! That's right folks, if they want they'll not only go thru your caches, but also run an undelete program against your disks! That's simply not fair!!! because at that point, your not "posessing" the material anymore.. even your intent was to remove them! that's a VERY dangerous slope!!

Re:You need to disable Javascript... Even in Mozil

[evilviper]

use java for such things as client-side syntax checking, price calculations

Yes, yes they do. Still, that is because of stupidity on the part of the web designer.

There are plenty of sites that do the exact same thing on the server-side, hence no need for javascript. If a companies store does not work without javascript, I don't buy anything from them.

Netflix is a borderline website. Things like rating titles require javascript, but none of the other features do, so I can still use 95% of the functionality of the site without javascript... That's the only reason I'm still subscribed.

But in this case it was because malware got installed on their system

Yes, I know this isn't directly on-target, but javascript was mentioned, so I thought it a good place.

Regardless of this case, I have run into people who's home page has been set to a porn site (by javascript), so everytime they opened their browser they had hundreds of popups load, and two would popup for every one they closed.