Posts Tagged ‘Malicious Websites’

Could a Spyware Ridden Machine Get you 40 Years in Jail?

As anyone who has ever read this blog knows, I always try to tie these spyware and adware posts back to my friends from Zango, those guys who never do anything wrong; it’s always an affiliate or another website. While Zango is not mentioned, I bet money one of their programs was installed, hehe. But I just read this article from Computerworld by Preston Gralla, “Porn-surfing teacher: Spyware made me do it!”, who obviously should not be posting about spyware, as it appears he does not have a clue and his blog post is a complete joke.

A recent court case found a Connecticut substitute teacher guilty of surfing for pornographic sites in front of her seventh grade class, and now she faces 40 years in prison. Wow, forty years. I was watching something on TV the other night where two guys killed someone and the max they could and did get was 15 years. But this teacher could get forty years? That is just plain wrong. Anyone who is involved in any way with school systems knows most teachers aren’t prepared for something like this; the teacher was probably as overwhelmed and shocked as the students were when it happened and was just trying to get them to close down. And if it has happened to you, you know that when you click the x to close a popup, one or many more can pop up on you, making it look like you may have actually clicked on the popup itself.

Not only that, the prosecutor wanted to know, but if in fact spyware was on the PC, why didn’t the teacher merely turn off the computer or pull the plug on it?

Julie Amero had no answer.

Lawyers have come up with some novel defenses over the years, including the “Twinkie defense” in which a lawyer argued that defendant Dan White’s eating of Twinkies and drinking Coca-Cola proved that he was depressed, and so not responsible for his actions in murdering San Francisco Mayor George Moscone and Supervisor Harvey Milk in 1978. The defense was partially successful; White was convicted of voluntary manslaughter rather than murder.

Luckily, it seems as if the spyware-made-me-do-it defense doesn’t cut it in court. For once, justice prevails. Source: Porn-surfing teacher: Spyware made me do it!

A substitute teacher is just that, a substitute, and has not been in similar situations, and probably had no idea unplugging the machine or turning off the projector would have been the best way out. Plus, the school system has to have content filtering in place to be able to get E-rate money to help fund all of the computers, internet access, etc. The school system’s filters should’ve prevented most porn sites from popping up to start with, so why isn’t the school system on trial and not the teacher?

And according to a quote from Alex Eckelberry, who is President of Sunbelt Software, they didn’t even check for spyware.

The court actions of the case were flawed as well. For example, one source reports that the Trial Judge, Hillary Strackbein, was seen falling asleep during proceedings and made comments to the jury that she wanted the case over by the end of the week. It was also reported that Judge Strackbein attempted to pressure the defense into an unwanted plea deal, in place of a trial. The defense attorney for Amero moved for a mistrial shortly before closing arguments Friday, based on reports that jurors had discussed the case at a local restaurant.

Was justice done here? A bad spyware infestation can splatter a machine full of porn popups and it’s a bit unnerving to think that a teacher could get hard prison time for something that was likely to have been completely innocent.

We need far more evidence than what is available to come to the conclusion that “justice was done”. In fact, all the available evidence shows quite the opposite — that this might just be a grave miscarriage of justice. Source: Alex Eckelberry

I have recently had the chance to attend several classes on computer forensics, so sure, the police found evidence that those sites were visited, but ANY window that is opened on the computer will show up in the cache and list of websites visited. The fact that neither the defense nor the prosecution tried to show how it happened is incomprehensible to me. If it was one website that caused this to happen, it would be so easy for them to repeat what happened. This quote from a computer crimes investigator in an article in the Norwich Bulletin is very telling:

“You have to physically click on it to get to those sites,” Smith said. “I think the evidence is overwhelming that she did intend to access those Web sites.” Source: Teacher guilty in Norwich porn case

You do NOT have to click on any link. It can be loaded from spyware apps, malware, or other malicious websites; it can be loaded from a website that was loaded in a popup, from a website that was loaded in another popup, from another website that was loaded in a popup, and as the saying goes, on and on and on. This is just a case of one investigator only having the tools to do forensic investigation and not the knowledge of how a computer works to go along with it. Anyone involved in the Julie Amero case, feel free to leave me a message at 304-521-2582 or an email to webmaster at tipsdr.com with “Julie Amero case” as the subject and I will be happy to explain how this could happen with the teacher only opening one “innocent” webpage on her computer. The 40 years should go to the spyware makers or to the school system, not this substitute teacher.
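The claim that a history entry does not prove a click can be checked against timestamps and referrers. The following is an added example, not part of the original post or the case evidence: it assumes a proxy or content-filter log that records a referrer, uses constructed sample records with placeholder hosts, and applies an assumed 2-second threshold for how fast a person can read and click.

```python
from datetime import datetime

# Constructed sample (time, URL, referrer) in proxy/content-filter log shape; hosts are placeholders.
SAMPLE_LOG = [
    ("2007-01-10 09:00:00", "http://news.example/", ""),
    ("2007-01-10 09:00:40", "http://news.example/story", "http://news.example/"),
    ("2007-01-10 09:00:41", "http://ads.example/pop1", "http://news.example/story"),
    ("2007-01-10 09:00:41", "http://adult1.example/", "http://ads.example/pop1"),
    ("2007-01-10 09:00:42", "http://adult2.example/", "http://adult1.example/"),
    ("2007-01-10 09:00:55", "http://adult3.example/", "http://adult2.example/"),
]

MIN_HUMAN_GAP = 2.0  # assumed threshold (seconds): faster than a person can read and click


def analyse(log, min_gap=MIN_HUMAN_GAP):
    """Label each load and trace it back to the page that started its chain."""
    loaded_at, parent, results = {}, {}, []
    for stamp, url, referrer in log:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        loaded_at.setdefault(url, when)
        if referrer in loaded_at:
            parent[url] = referrer
            gap = (when - loaded_at[referrer]).total_seconds()
            label = "automatic" if gap < min_gap else "possible click"
        else:
            gap, label = None, "typed or bookmarked"
        # Walk referrers upward to find the chain root and its depth.
        root, depth, seen = url, 0, {url}
        while root in parent and parent[root] not in seen:
            root = parent[root]
            seen.add(root)
            depth += 1
        results.append({"url": url, "label": label, "gap": gap,
                        "root": root, "depth": depth})
    return results


def summary(results):
    """Count loads per label, the figure to set beside the raw history list."""
    counts = {}
    for r in results:
        counts[r["label"]] = counts.get(r["label"], 0) + 1
    return counts


if __name__ == "__main__":
    for r in analyse(SAMPLE_LOG):
        print(f'{r["label"]:20} depth={r["depth"]} root={r["root"]} {r["url"]}')
```

A load marked "possible click" is only a candidate: a popup opened by a timer also passes the threshold, so timing narrows the question rather than settling it.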

Posted by Jimmy Daniels - January 13, 2007 at 12:25 am

Categories: Computer Forensics, Education, Malware, Protect Children Online, Security, Spyware Info

Dumador Turns PCs to Zombies

Muwahahaha. Sorry, couldn’t resist. Hackers are trying to infect PCs by sending cell phone text messages to lure people to a malicious website.

“Thank you for subscribing to – Dating Service ! Your phone will be charged now $2.00 per day untill you unsubscribe online.”

Hackers are using more blended attacks in hopes of creating botnets of many computers that they can control to do such things as launch denial of service attacks, shopping cart scanning, artificially inflate website earnings and more.

The blended attack uses social engineering techniques in its attempt to trick people to the site, security vendor Websense said in an advisory. An SMS text message is sent to the targets’ cell phones, thanking them for subscribing to a fictitious dating service. The message states that they will be automatically charged a fee of $2.00 per day via their phone bill, unless their subscription is cancelled online.

The same message has also been sent multiple times to the comments section of numerous bulletin boards, Websense said. The attack began on Thursday in the U.S. and was first detected by Sunbelt Software, a security software vendor, Websense said. Source: Websense

Once victims visit the purported dating site to unsubscribe, they are prompted to download a Trojan horse program. (A Trojan horse is malicious software that disguises itself as another kind of application.) The attackers provide instructions on how to bypass security warnings in Internet Explorer, Websense said.

After the Trojan horse–a variant of a program Websense calls “Dumador”–is installed, it turns the computer into a “zombie,” allowing it to be remotely controlled by the hackers. The compromised machines then become part of a “bot” network, which can then be used to launch distributed denial-of-service attacks. Source: News.com

Websense could not say how many users had fallen for the attack. Monitoring botnet activity is “very difficult” to do because of the crossborder nature of the networks.

The Dumador Trojan allows hackers to use HTTP to control the bots and trigger them to upload information. Typically, the most popular method of bot control is through Internet Relay Chat (IRC).

Posted by Jimmy Daniels - June 24, 2006 at 3:15 am

Categories: Security, Spyware Info