Porn Virus
Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Porn Virus

  1. #1
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716

    Porn Virus

    You have all heard the excuse that it "must have been a virus"
    that downloaded all that porn, I guess it really does happen.

    "He'd have 40 Web sites hitting his computer in a minute -- who's the IT guy who looked at this and said, "Wow, this guy is pretty active on the Internet?'" Loehrs said. "It's physically impossible!"

    Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see.
    http://www.technewsworld.com/story/s...ome=1213761812
    I came in to the world with nothing. I still have most of it.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    rcg~

    It does, I have seen it........ small hotels around here...... obviously if you are in a service function you look at e-mails................ messy

    I hope he sues them for at least a billon$........... he will win, and they will be dragged grovelling through the mud Firing him was cra$$ $tupidity, over here it would be "suspended on full pay"

    Why can't things like that happen to me?

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Thanks to some other site:
    http://blogs.csoonline.com/files/Forensic%20Report.pdf

    I've skimmed through it.. I don't buy the story..

    There's something about the cached google search pages that doesn't make it look like it's malware related.
    Also the TypedURL key is completely empty, cleared if you will. Everybody types in a URL every now and then..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Wow. Crazy stuff.

    He probaly took a sneak peak and got infected.

    Ok, getting a really good AV up now!
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  5. #5
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Wow. Reminds me of that poor substitute teacher (in CT I believe) whose life was turned upside down a couple of years ago.

  6. #6
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    From the article: "The only answer I can give you is what I've seen in
    the industry: As soon as you mention the words 'child pornography,'
    everybody's senses go out the window and you are just guilty. Period,"
    Loehrs said.

    Ain't that the truth...
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi there SD~

    There's something about the cached google search pages that doesn't make it look like it's malware related.
    Also the TypedURL key is completely empty, cleared if you will. Everybody types in a URL every now and then..
    I have a problem with that, although I must admit to having encountered all sorts of "ID10Ts" in my time, as I know you have, so virtually anything is possible?

    My thinking is along the lines of: "If someone is savvy enough to clear typed URLs, then surely they would know enough to wipe the browser and search engine caches?"

    I would also have thought that a decent cleaning tool would do it automatically?

    On the other hand, malware might well use the cache to serve its garbage, but this would not normally show as a typed URL?

    Also, I would expect other evidence. Like does the guy have computing and video equipment at home............ if so, where is the CP there? I do not believe that someone uses their work issued laptop for pr0n surfing and doesn't have any at home. "Once a pervert, always a pervert" ?

    It would not be the first time someone has sent someone else a "porno bomb" just to drop them in trouble?

    As for typing URLs, I know several people working in hotels handling reservations and stuff who wouldn't even know what a URL was, let alone how to type one

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    There are also several other things wrong with this forensic report IMO. They only looked at some housekeeping that was done with the Trashcan but they didn't scan the disk looking for deleted content (sleuthkit anyone?). The report is mediocre at best and it seriously looks like a report that works it's way to a pre-set conclusion. Hence my reluctance to believe he really was a victim of malware.

    Having said that, I agree to the courts letting him go. Simply put you're innocent until proved guilty. Not enough evidence, to much crap and way too much other possibilities to say he's really guilty (beyond a reasonable doubt).

    Doesn't stop my gut feeling though
    Last edited by SirDice; June 19th, 2008 at 11:46 AM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes,

    They only looked at some housekeeping that was done with the Trashcan but they didn't scan the disk looking for deleted content (sleuthkit anyone?).
    Actually, I would have said EnCase?.............. seems like this was an internal disciplinary thing, and the Feds were not involved........... they would have certainly done as you described

    Could they say "We wiped the HDD with Dban and reloaded an ISO of our approved system"?............... errrr......... no? So there is no break in ownership?

    The report is mediocre at best and it seriously looks like a report that works it's way to a pre-set conclusion.
    Yes, that is what you pay for, and in the USA you can have the best justice that money can buy............ does the name "O J Simpson" ring any bells?


  10. #10
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    He was arrested for it.. So I would have expected a serious investigation, EnCase would be more likely indeed. I mentioned sleuthkit as anyone with half a brain in IT could have done a much better "forensic" report. But as far as I know this hasn't been done.
    Last edited by SirDice; June 19th, 2008 at 01:26 PM.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Similar Threads

  1. Abbr: history of the computer virus
    By E5C4P3 in forum AntiVirus Discussions
    Replies: 12
    Last Post: April 30th, 2013, 09:05 PM
  2. Virus Research Information: What Are The Different Kinds?
    By Spyder32 in forum The Security Tutorials Forum
    Replies: 18
    Last Post: September 4th, 2004, 12:23 AM
  3. The Bulgarian and Soviet Virus Factories
    By foxdie in forum AntiVirus Discussions
    Replies: 11
    Last Post: April 4th, 2004, 03:52 AM
  4. Black Wolf's Guide to Memory Resident Viruses.
    By ahmedmamuda in forum AntiVirus Discussions
    Replies: 2
    Last Post: March 20th, 2002, 02:03 AM
  5. So you want to learn about Viruses.
    By 3ntropy in forum AntiOnline's General Chit Chat
    Replies: 10
    Last Post: March 4th, 2002, 11:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •