-
June 18th, 2008, 05:12 AM
#1
Porn Virus
You have all heard the excuse that it "must have been a virus" that downloaded all that porn. I guess it really does happen.
"He'd have 40 Web sites hitting his computer in a minute -- who's the IT guy who looked at this and said, 'Wow, this guy is pretty active on the Internet?'" Loehrs said. "It's physically impossible!"
Loehrs found a script file that was set to go out and run its own searches on foreign Web sites, she said. "And once you get into some of these foreign sites, you'll get all kinds of stuff you don't want to see."
http://www.technewsworld.com/story/s...ome=1213761812
I came in to the world with nothing. I still have most of it.
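The "40 Web sites in a minute" argument quoted in the post above can be checked mechanically against an exported browsing history. This is an added example, not part of the thread or the forensic report; the tab-separated `timestamp<TAB>url` export format, the 60-second window, the function names and the sample data are assumptions made for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta
from urllib.parse import urlsplit

WINDOW = timedelta(seconds=60)
THRESHOLD = 40  # distinct sites per minute, the figure quoted in the post

def parse_records(lines):
    """Parse 'ISO-timestamp<TAB>url' lines into sorted (datetime, host) pairs."""
    out = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, url = line.split("\t", 1)
        host = urlsplit(url).hostname
        if host:
            out.append((datetime.fromisoformat(ts), host.lower()))
    return sorted(out)

def find_bursts(records, window=WINDOW, threshold=THRESHOLD):
    """Return merged (start, end, peak_hosts) spans where the number of
    distinct hosts inside a sliding window reaches the threshold."""
    win, hosts, bursts = deque(), Counter(), []
    for ts, host in records:
        win.append((ts, host))
        hosts[host] += 1
        while ts - win[0][0] >= window:      # expire visits older than the window
            _, old = win.popleft()
            hosts[old] -= 1
            if hosts[old] == 0:
                del hosts[old]
        if len(hosts) >= threshold:
            start = win[0][0]
            if bursts and start <= bursts[-1][1]:   # overlaps previous span: merge
                prev = bursts[-1]
                bursts[-1] = (prev[0], ts, max(prev[2], len(hosts)))
            else:
                bursts.append((start, ts, len(hosts)))
    return bursts

def sample_history():
    """Constructed sample: four manual visits, then 45 hosts in 45 seconds."""
    t0, t1 = datetime(2008, 1, 1, 9, 0), datetime(2008, 1, 1, 10, 0)
    lines = [f"{(t0 + timedelta(minutes=5 * i)).isoformat()}\thttp://intranet.example/p{i}"
             for i in range(4)]
    lines += [f"{(t1 + timedelta(seconds=i)).isoformat()}\thttp://site{i}.example/"
              for i in range(45)]
    return lines

if __name__ == "__main__":
    for start, end, peak in find_bursts(parse_records(sample_history())):
        print(f"{start} -> {end}: {peak} distinct hosts within {WINDOW}")
```

A flagged span shows only that the request rate exceeds what a person can produce by hand; it says nothing about what generated the traffic.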
-
June 18th, 2008, 06:52 AM
#2
-
June 18th, 2008, 02:29 PM
#3
Thanks to some other site:
http://blogs.csoonline.com/files/Forensic%20Report.pdf
I've skimmed through it.. I don't buy the story..
There's something about the cached Google search pages that doesn't make it look like it's malware related.
Also the TypedURL key is completely empty, cleared if you will. Everybody types in a URL every now and then..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 18th, 2008, 03:12 PM
#4
Wow. Crazy stuff.
He probably took a sneak peek and got infected.
Ok, getting a really good AV up now!
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
Albert Einstein
-
June 18th, 2008, 09:25 PM
#5
Wow. Reminds me of that poor substitute teacher (in CT I believe) whose life was turned upside down a couple of years ago.
-
June 19th, 2008, 09:02 AM
#6
From the article: "The only answer I can give you is what I've seen in the industry: As soon as you mention the words 'child pornography,' everybody's senses go out the window and you are just guilty. Period," Loehrs said.
Ain't that the truth...
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
June 19th, 2008, 09:48 AM
#7
Hi there SD~
"There's something about the cached Google search pages that doesn't make it look like it's malware related.
Also the TypedURL key is completely empty, cleared if you will. Everybody types in a URL every now and then.."
I have a problem with that, although I must admit to having encountered all sorts of "ID10Ts" in my time, as I know you have, so virtually anything is possible? 
My thinking is along the lines of: "If someone is savvy enough to clear typed URLs, then surely they would know enough to wipe the browser and search engine caches?"
I would also have thought that a decent cleaning tool would do it automatically?
On the other hand, malware might well use the cache to serve its garbage, but this would not normally show as a typed URL?
Also, I would expect other evidence. Like does the guy have computing and video equipment at home............ if so, where is the CP there? I do not believe that someone uses their work issued laptop for pr0n surfing and doesn't have any at home. "Once a pervert, always a pervert" ?
It would not be the first time someone has sent someone else a "porno bomb" just to drop them in trouble?
As for typing URLs, I know several people working in hotels handling reservations and stuff who wouldn't even know what a URL was, let alone how to type one.
-
June 19th, 2008, 10:38 AM
#8
There are also several other things wrong with this forensic report IMO. They only looked at some housekeeping that was done with the Trashcan but they didn't scan the disk looking for deleted content (sleuthkit anyone?). The report is mediocre at best and it seriously looks like a report that works its way to a pre-set conclusion. Hence my reluctance to believe he really was a victim of malware.
Having said that, I agree to the courts letting him go. Simply put, you're innocent until proved guilty. Not enough evidence, too much crap and way too many other possibilities to say he's really guilty (beyond a reasonable doubt).
Doesn't stop my gut feeling though
Last edited by SirDice; June 19th, 2008 at 10:46 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 19th, 2008, 11:32 AM
#9
Yes,
"They only looked at some housekeeping that was done with the Trashcan but they didn't scan the disk looking for deleted content (sleuthkit anyone?)."
Actually, I would have said EnCase?.............. seems like this was an internal disciplinary thing, and the Feds were not involved........... they would have certainly done as you described
Could they say "We wiped the HDD with Dban and reloaded an ISO of our approved system"?............... errrr......... no? So there is no break in ownership?
"The report is mediocre at best and it seriously looks like a report that works its way to a pre-set conclusion."
Yes, that is what you pay for, and in the USA you can have the best justice that money can buy............ does the name "O J Simpson" ring any bells?
-
June 19th, 2008, 12:23 PM
#10
He was arrested for it.. So I would have expected a serious investigation, EnCase would be more likely indeed. I mentioned sleuthkit as anyone with half a brain in IT could have done a much better "forensic" report. But as far as I know this hasn't been done.
Last edited by SirDice; June 19th, 2008 at 12:26 PM.
Oliver's Law:
Experience is something you don't get until just after you need it.