Posted on 08/10/2003 8:58:34 PM PDT by new cruelty
One evening late in 2001, Julian Green's 7-year-old daughter came upstairs from the computer room of their home in the resort town of Torquay, in western England, and said, "The home page has changed, and it's something not very nice."
When Mr. Green checked the machine, he found that the family PC seemed almost possessed. The Internet home page had somehow been switched so that the computer displayed a child pornography site when the browser software started up. Even if he turned the machine off, it would turn itself back on and dial the Internet on its own.
Mr. Green called the computer maker and followed instructions to return his PC to a G-rated state. The pornography went away, but the computer still often crashed and kept connecting to the Internet even when "there was no one in the blinking house," he said.
But Mr. Green's problems were only beginning. Last October, local police knocked on his door, searched his home and seized his computer. They found no sign of pornography in his home but discovered 172 images of child pornography on the computer's hard drive. They arrested Mr. Green.
This month, Mr. Green was acquitted in Exeter Crown Court after arguing that the material had been gathered without his knowledge by a rogue program created by hackers — a so-called Trojan horse — that had infected his PC, probably during innocent Internet surfing. Mr. Green, 45, is one of the first people to use this defense successfully.
While a case that played out in the British legal system sets no precedent in the United States, legal experts say the technical issues raise two troubling possibilities. For one, actual child pornographers could arm themselves with a new alibi that would be difficult to disprove. Or, unknowing Web surfers could find themselves charged with possessing illegal material that a lurking software program has acquired.
"The scary thing is not that the defense might work," said Mark Rasch, a former federal computer crime prosecutor. "The scary thing is that the defense might be right," and that hijacked computers could be turned to an evil purpose without an owner's knowledge or consent.
"The nightmare scenario," Mr. Rasch said, "is somebody might go to jail for something he didn't do because he was set up."
Mr. Green was eventually exonerated, but his life has been turned upside down by the accusations. His ex-wife went to court soon after his arrest and gained custody of their youngest child and his house. Mr. Green, who is disabled because of a degenerative disk disease, spent nine days in prison and three months in a "bail hostel," or halfway house, and was allowed only supervised visits with his daughter.
"There's some little sicko out there who's doing this," Mr. Green said, "and he's ruined my life. I've got to fight to get everything back."
He said he had no clue how the rogue software showed up on his computer. "I never download anything. and as far as I knew, no others had," he said.
When his solicitor, Chris Bittlestone, hired a computer security consultant to examine the PC, nearly a dozen Trojan horse programs showed up on the hard drive. "When the report came in, it was very much what you would call a eureka moment," Mr. Bittlestone said. But Mr. Green took the news differently.
"He was very quiet and said, `See? I told you,' " Mr. Bittlestone recalled.
Tony Dearsley, the computer investigations manager for Vogon International Ltd., the company that examined the machine, says Trojan horse programs are increasingly common.
"Any Web site could contain this sort of thing," he said. "The reputable ones don't. The less reputable ones may." Anyone using the computer who visits sites offering legal adult fare, gambling or even a music file-swapping site might pick up malicious software, he said.
Mr. Green, who now lives with his son and his 83-year-old mother in the nearby town of Paignton, said that it was possible that some member of his family had accidentally infected the computer in that way. "I know my son had a look at some iffy sites," he said. "He's a teenager."
Antivirus software and programs like Ad-Aware can ferret out and disable Trojans, but they must be kept up to date to be effective in a fast-changing field. Mr. Green said that he had antivirus software on his computer, but that it was outdated.
The police would not disclose the source of the original tip in the case, but Mr. Green noted that the raid came two weeks after he had won custody of his daughter in court. Mr. Bittlestone would not comment directly on the matter. "Calls may well have been made," he said. "I'm not quite sure what the dynamics were within the family at that time."
Mr. Bittlestone said that he was troubled that prosecutors did not mention the Trojan programs after his client's arrest: "Either the police didn't spot this issue, or if they did spot it they chose not to pursue it." Mr. Green, he said, is now considering a lawsuit against the police.
Calls to the local police in Mr. Green's area were referred late on Friday to the pedophile unit at Ashburton, which could not be reached. But the prosecutor in the case, David Sapieca, told the BBC: "We don't accept the conclusions of the defense expert report, but there were already other issues in the case regarding the history of the computer itself. We cannot show that Mr. Green downloaded the images on to the computer, so the Crown reluctantly offer no evidence in this case."
Mr. Green's case could point the way to a new defense in courts in the United States, said Andrew Grosso, a lawyer and former federal prosecutor in Washington. The presence of a Trojan could mean that the computer is "not entirely under your control," he said, and a defendant could "legitimately point a finger elsewhere."
A senior official at the Department of Justice said that the defense, while novel, might not hold up in court. "There are ways to look at the evidence to see if something like this — even if it is present — is responsible for the conduct at issue," the official said. Thus a prosecutor would scan the computer to make sure that it did, in fact, have rogue software, and would try to determine whether the software could do what the defendant claimed that it did.
In a child pornography case, he said, investigators would also try to discover other corroborating evidence, like Internet communications with known pedophiles, or a stack of child pornography in the suspect's home.
Mr. Bittlestone said: "You will only be able to use this defense if you can show that Trojan horse viruses have infected" a computer. If not, he said, "You have to account for your actions."
Mr. Green said that despite the disruption in his life, things could have been much worse: he could have spent years in prison, lost all visitation rights to see his daughter, and could have been entered into lists of sex offenders. "There would have been no point to living after that," he said. "Everything is just taken away from you."
But he said he had no sympathy for pedophiles and users of child pornography, many of whom he met in the bail hostel. He called them "nasty little people," and said, "Whatever they do to them isn't enough."
Things are beginning to turn around for him since the British press has written about his acquittal, he said. One of the parents from his daughter's school, who hadn't spoken to him since the arrest, began talking to him the other day.
"She must have said, `Perhaps he's not a pervert after all,' " Mr. Green said.
Seems he has something in common with his computer....
I use the shareware AdAware (not AdAware Plus). I also use Spybot Search & Destroy.
Regular AdAware wasn't even sufficient to remove the Xupiter thing from my system (it kept reasserting itself anytime I opened a new browser window). I had to research how to manually remove it.
I've gotten reinfected with Xupiter's thing one time since but one of the 2 spyware programs successfully removed all of it.
I think that I got it from mistyping some common website name, maybe misspelling Google or using something like cocacola.com when it should have been .net (not the real site but you get the idea). The wrong site name led me to some cybersquatter's own search engine (nothing X rated) but it also sent me to popup hell.
I did a search on Xupiter to find out how to clean it but I also found some editorials that defended the software company saying that they weren't doing anything wrong. I did not consent to have this beast placed on my harddrive, they are doing something wrong. I can't place a caller ID system on your phone and get reports of who's calling you. I can't place bumper stickers on your car. I can't place a box of junk in the trunk of your car or in your closet.
The fact that the software fights to reassert itself shows that they know that some people may not be happy with it. It is computer rape; it is not consensual.
As to some mysterious desktop icons (including dialers), some SPAM emails now contain all sorts of cookies. If you have the preview pane open, they may still infect your system in the time that it takes to click on them to delete the junkmail.
If you have a MS operating system, you should always be able to hit the 3-fingered salute (ALT-CTRL-DEL) and get a list of the different processes that are running. You should be able to select the offending process with your mouse and stop it. This can also be done if you get into popup hell or a popup that fills your screen. It will also work to stop a phone dialer but the best thing to do if a self-launching exe starts to dial your phone is to pull the phone cord (or take the phone off the hook). I assume that phone dialers try to dial 1900 type numbers while some other processes just want to get your computer to log itself online so that they can "do their thing" (a cookie just reporting home). Occassionally I'm finding my computer with a log on prompt (trying to get me to go online) but I don't have any downloads, email, or webbrowsers open. I know that some websites (like Drudge) refresh the webpage periodically so leaving the browser open (with the system offline) will generate prompts to go online for a refresh.
I keep my browser default page at NULL (no startup page) so anytime something is there, it was set without my permission. The SPAMMERs have been good at buying off the politicians who have been very hesitant to make such practices illegal. Slowly some of the defenders have turned on the SPAMMERs but Pandora's box is already open.
There is a guy in King of Prussia, Pennsylvania, who writes these scripts for the Mob, to support their porn sites. He's a nasty cracker, and responsible for the endless cascade of porn windows that people get on their machines who stumble into one of his websites. The FBI couldn't get anything on him, so they took the unusual step of publishing his name and address and basically inviting him to sue them if he didn't like it.
I also noticed that these porn sites like to vacuum up disused but well-known cult sites like Jennycam -- type that into your browser window now, and you get a fast ride direct to a XXX-rated porn site.
A woman working for a Fortune 500 oil and gas company in Houston brought her latchkey "tweenaged" son to work with her one day for some reason when school was out. He hung out in the office all day, and then she was called in to a meeting -- she was secretary to a group of geologists and engineers. The son got on the computer while she was in the meeting, having thoughtlessly "left herself up", and when she came back and called the computer back from suspension, got the wicked surprise of her life. She couldn't close windows as fast as they opened -- this is how the guy in King of Prussia makes his money: he writes a script so that every "close window" command is read as a "Please open 19 more windows, and dish me the hard stuff". The poor woman had to accept the mortification of calling a senior geologist to try to help out -- her job was on the line at this point -- and when he couldn't succeed any better than she in stopping the cascade of windows, he simply hit "reset" and crashed off, and summoned ITS. Her boy probably has never heard the end of it -- his thoughtlessness could have cost his mother her job in a bad job environment. (Houston, don't let them kid you, is still experiencing a jobs depression in the energy industry that's as bad as the worst of the "bust" and has gone on twice as long now, ever since the SE Asian Bubble crashed in 1997 and the companies started firing again the following year.)
Sounds like you've paid a visit to King of Prussia.
Open Task Manager (CONT+ALT+DEL) and kill the windows and processes there.
Then go download Diskwasher and purge with that, or EvidenceEliminator ($120), they will blow off most/all of the spy/scumware. Add ZoneAlarm and SpyBot or AdAware as per previous posts. Also visit ZDNet.com and Tucows.com and do a search on Trojans: PestControl and other software similar to SpyBot is available there, most of it shareware of commercial warez. You can visit PC Magazine's online for comparo reviews of these apps:
Other contenders: Norton, Trend Micro's PC-Cillin, Kaspersky Labs AVP, and some others that you can comparatively review by surfing the archives of this online AV speciality magazine:
This magazine is subscription, but you can access all but the latest performance reviews in Pass/Fail form to see which shops and labs have a good track record against "in-the-wild" viruses thrown at them by the Virus Bulletin techies. Look for the "archives" tab.
Keep in mind that definition files have to be rigorously kept up-to-date: I received a copy of the SOBIG.E worm last month only hours after it first appeared in Asia: a HongKong-based spammer who had my e-mail address got infected and I got a copy of the virus practically before anyone could get a bulletin out. I found a current bulletin and Virupedia entry on TrendMicro's site that was so fresh the electrons were still smoking, and they'd just posted up a download packet for their AV subscribers. Grisoft wasn't as fast reacting. McAfee has been burned a few times, too, by fast-moving viruses and worms. The main key is keeping your definition files up to date and not opening attachments from Asia, or from people you don't know, with names like Message.zip (I found the SOBIG.E entry in the Trend Virupedia by searching on the attachment name: you can do the same at Symantec's SARC site or in McAfee's malware encyclopedia).
Individual responsibility, and all that.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.