A friend of mine brought her son's computer to work last week. He's about 13 years old. He just wanted to upgrade his processor so I told her I would help. We went through all the fun of upgrading a compaq's processsor (torture I tell you!!). Started his computer up, it had win2k on it. Well I'm not one to be nosy, so I left it be, because bios recognized everything, and it would bring to you the login screen, that was good enough for me. Well she was curious about what her son was doing, but we didn't know the password. Well he had the HDD formatted for fat32, muhaha. After using the good old win98 boot disk, steal the sam file and a few brute force hacking program, got his password and logged in. I think he had atleast 2 or 3 trojan clients like sub7, bo, etc in plain site on the desktop. Anyway, told her to have "the talk" with him. Next day, he apparently had trojaned his brothers (it's a big family) computers and a lot of his friends computers. She's not really sure how to punish him or if she should punish him. Not really sure if he's done anything *wrong*.

I've never really run into this kind of situation before? She is turning to me for advice, but I don't know if I will give the correct advice.

Should I:
  • tell her to ground him and take away all computer equipment?
  • tell her that boys will be boys, no harm done (that we know of)?
  • tell her to be paranoid because now the FBI is coming to take her son away?
  • take his pc and install a copy of Linux on the other hard drive to jumpstart his tech career?
  • do nothing, hope for the best?


I know this isn't really security related unless you are one of his friends but feedback is certainly appreciated.