Framed for child porn — by a PC virus

[Sundowner]

What a nightmare!

Sun

Of all the sinister things that Internet viruses do, this might be the worst: They can make you an unsuspecting collector of child pornography.

Heinous pictures and videos can be deposited on computers by viruses — the malicious programs better known for swiping your credit card numbers. In this twist, it's your reputation that's stolen.

Pedophiles can exploit virus-infected PCs to remotely store and view their stash without fear they'll get caught. Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

Whatever the motivation, you get child porn on your computer — and might not realize it until police knock at your door.

An Associated Press investigation found cases in which innocent people have been branded as pedophiles after their co-workers or loved ones stumbled upon child porn placed on a PC through a virus. It can cost victims hundreds of thousands of dollars to prove their innocence.

Their situations are complicated by the fact that actual pedophiles often blame viruses — a defense rightfully viewed with skepticism by law enforcement.

"It's an example of the old `dog ate my homework' excuse," says Phil Malone, director of the Cyberlaw Clinic at Harvard's Berkman Center for Internet & Society. "The problem is, sometimes the dog does eat your homework."

The AP's investigation included interviewing people who had been found with child porn on their computers. The AP reviewed court records and spoke to prosecutors, police and computer examiners.....

the rest of the article...

http://tech.yahoo.com/news/ap/20091108/ap_on_hi_te/us_tec_a_virus_framed_me

[Phaser11]

This is all very true.
 They can use you and your system without you even knowing it. The judge will not lesson nor will your families or anyone else. I worked with a US Government cyber crime unit and they do not care, its on your system and they found it. If it is on your computer YOU are finished.
 People do not understand what a ‘hacker’ or a virus can really do and they are not going to learn. If you really want to know look up Black Hats and White Hats, there are some free training videos on how to be a good or bad guy.
 Yes you should be very worried about this.

Keep virus software up to date every day.
Load anti spybot software and keep it up to date.
Password everything. If your computer or wireless network does not have a password you stand out like a sore thumb.

There is no real secure network if your on the internet. The only thing you can do is make your system a bit harder that someone else’s system to get in to so the Black Hat picks on some one else. Most of the time they will go for the easy target.

Good Luck

[Flipperk]

With any virus on your computer everyone should know how a virus works.


If you think you are infected by a virus, step one is to NOT restart or turn off your system. Alot of viruses are triggered at start up when all of your anti-virus software is still booting up.

Step two, unplug your internet cable from your wall, most if not all, viruses act upon a command that is given from the source of the virus through the internet. If you unplug your internet the virus does not infect anymore files, but is still on the system.

Step three, run your anti virus software while you have everything disconnected from the internet. I would run it twice to be sure.

Step four, if any other computers were hooked up through the same router, do steps 1-3 to be sure that the virus is not on any of the other systems.



My sisters computer was infected by a virus and it got to the point to where the computer had problems starting up. Once I unplugged the internet cable the computer started up slowly, but did successfully, giving me enough time to run McAfee. Found 3 viruses and 2 Trojans in her System32 folder.




Also for hackers, what phaser said password protect everything, keep your firewall and anti-virus software on and monitoring your system. IF you suspect you have been hacked, a good start would be to unplug your internet and then run anti-virus or spyware to be sure nothing was loaded to your computer. Once you know your system is clean THEN change ALL passwords to everything! Online bank accounts, any financial websites, log-on passwords, internet passwords ect.


I had a virus on my computer that downloaded a crap load of porn to my computer, was finding 2 or 3 new vid everyday...after 5 days my HD crashed. I threw the HD into a fire in my backyard...i did not see any child porn but I did not want to go to jail because of something i did not do.

[Enker]

My solution for viruses (viri? virus? Is it like deer or mice or octopi?) is to wipe the HD every three months so I don't have to deal with this. Keeps the computer running quickly, and I just have to load the drivers from the CDs. Everything else is copied over to the external hard drive, so I can just copy it over into program files.

[mensa180]

My solution for viruses (viri? virus? Is it like deer or mice or octopi?) is to wipe the HD every three months so I don't have to deal with this. Keeps the computer running quickly, and I just have to load the drivers from the CDs. Everything else is copied over to the external hard drive, so I can just copy it over into program files.

.

Same here.

[AirFlyer]

x3 here. Generally I keep the installers or ISOs for everything on my computer and re-install it after the format. Takes a little bit of time but it's well worth it IMO.

[Sundowner]

Wiping your HD drive periodically is a good idea as the three posters above mentioned.

But aren't you still vulnerable between the 3 month wipes of getting caught up in a nightmare like the guy in the article?

Updated weekly Anti-virus/malware/spyware scans are good preventive measures but after doing a bit of research I think there are a couple more tools that can be added to your security arsenal.

Sandboxie
http://www.sandboxie.com/

This has been mentioned several times on the forums and it seems to be a fantastic tool to prevent "driveby downloads".

From the site:

"Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.

"Benefits of the Isolated Sandbox

    * Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

    * Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

    * Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

    * Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox. "

The second great tool I've found is "Snitch".
http://www.hyperdynesoftware.com/


From the site:


    * Quickly clean porn and other unwanted files from your hard drives
    * SkinScan™ Technology detects nudity in images and video files
    * Keyword and filename analysis for scanning text based files
    * Internet history analysis checks for inappropriate website activity
    * Also detects audio files, documents, cookies, hidden files, more
    * Quick deletion of unwanted files
    * 'Safe' Files and Folders

I Added "Snitch" to my weekly scan and Firefox is always run in a "sandbox" now.

Regards,
Sun

[68Wooley]

I maintain a bare-minimum Windows 7 set-up for AH2. Everything else is Linux. I'm not foolish enough to believe Linux is invulnerable, but thus far it's only really been the target of hacking attempts which are relatively easy to prevent compared with viruses which almost always target Windows.

[gyrene81]

First off...in 18 years of doing professional computer support and running across every virus released since the old stealth boot sector viruses...I've never even heard a whisper of any virus automatically filling a system with any type of porn, and I maintain memberships on a lot of different I.T. professional websites. Without knowing some specifics about the computer, it's difficult to judge fully one way or the other. If something like that did happen, it would be pretty obvious that something happened even to someone not well versed in dealing with viruses...and a virus like that would be getting more headlines than Code Red did. The only possible way for a person to have a situation like that occur is to intentionally download something from a website they probably shouldn't have been on in the first place. It's well known many downloads from torrents and P2P sites are generally infected with some sort of malicious software...so I don't fully buy into the persons story.

With any virus on your computer everyone should know how a virus works.


If you think you are infected by a virus, step one is to NOT restart or turn off your system. Alot of viruses are triggered at start up when all of your anti-virus software is still booting up.

Not entirely true...viruses to trigger when Windows initializes but once a virus is installed on your computer, doesn't matter if you restart it or not...your system is infected and the virus is active...some of the more malevolent tend to turn your anti-virus off so they can install fully. With a malware program trying to install itself, sometimes shutting your system down can stop it from doing an install...depends on what it is. If you do get infected with a virus, restarting your computer into safe mode and using the built in Administrator account is sometimes the only way of getting rid of the virus...sometimes it requires booting to a disk with a virus removal agent installed.

Step two, unplug your internet cable from your wall, most if not all, viruses act upon a command that is given from the source of the virus through the internet. If you unplug your internet the virus does not infect anymore files, but is still on the system.

That only happens if your hit with a trojan that auto connects to some sort of botnet...generally remote spammers, identity stealers, key loggers, etc...some are multi part systems that do several things. A virus will infect whatever files it's programmed to infect as soon as it's installed on your computer, doesn't matter if you're connected to the web or not.

[trigger2]

My solution for viruses (viri? virus? Is it like deer or mice or octopi?) is to wipe the HD every three months so I don't have to deal with this.

The problem is is even when wiping a HD, it doesn't erase all data, so if it were to happen to you in the 3 months (just as likely as anyone else...) the information will be on your HD, deep in and non-accesible, it's still there as evidence in the off chance there is reason to search your computer information, the only way to make sure it's non accesible is to open the HD, take out the disc (usually metal now, used to be glass), melt it down, and bury it (Okay, that last steps just in there for emphesis). Unforutunatly, in todays society, we have to worry about remote accessors, viruses, trojans, and the most prominant of all infections, malware.

Best thing you can do, is keep AV/FW software up to date (windows firewall isn't bad, and for freeware anti-virus, MalwareBytes is an EXCELLENT program, http://www.malwarebytes.org/mbam.php).

First off...in 18 years of doing professional computer support and running across every virus released since the old stealth boot sector viruses...I've never even heard a whisper of any virus automatically filling a system with any type of porn, and I maintain memberships on a lot of different I.T. professional websites.

I can see how it's plausible, if it were to open up ports for a remote access, kinda complex and risky, but very plausible. If you can get basic info (computer name, IP, Subnet mask, etc...), connecting isn't that hard, infact, it can be done using the run function of your computer (I'm a tech at my school, and this is VERY helpful, have automatically put in by a program called TechVentory so we don't have to manually put it in, makes accessing other information easy, and setting up remote printers a breeze), it's a threat, but I have not heard of this specifically happening.

[gyrene81]

The problem is is even when wiping a HD, it doesn't erase all data, so if it were to happen to you in the 3 months (just as likely as anyone else...) the information will be on your HD, deep in and non-accesible, it's still there as evidence in the off chance there is reason to search your computer information, the only way to make sure it's non accesible is to open the HD, take out the disc (usually metal now, used to be glass), melt it down, and bury it (Okay, that last steps just in there for emphesis). Unforutunatly, in todays society, we have to worry about remote accessors, viruses, trojans, and the most prominant of all infections, malware.

Killdisk...using the KGB algorithm...   Hammer not needed.   

[Vulcan]

First off...in 18 years of doing professional computer support and running across every virus released since the old stealth boot sector viruses...I've never even heard a whisper of any virus automatically filling a system with any type of porn, and I maintain memberships on a lot of different I.T. professional websites.

Well, in 24 years of working in the industry, and specializing in Security, having a friend write one of the more prolific early boot sector virus's... I can tell you that it's not uncommon for compromised PC's (or networks) to be used for this purpose and there have been many other such cases around the world.

[OOZ662]

I've just recovered from a virus that has the potential of ruining the protection received by constant backups and formats, especially for those (like me) who run two partitions for quick OS reinstall.

W32/Jeefo:
May reside in ANY .exe file and affects any 32bit Windows OS.
When the infected EXE is run, the virus installs itself as a local service and copies itself as "svchost.exe" to C:\WINDOWS\system. Due to the generic filename and the service ("Power Manager") sounding legit at first glance, it's hard to initially detect.
As the service runs, it takes EXE files, encrypts them, then appends the virus to the beginning of the file. When an infected file is run, the "new" virus checks to see if it's installed already. If so, it instructs the "old" virus to decrypt and run the file.
In this way, the virus can be spread by sharing any EXE from an infected system.
Eventually, programs will start failing due to decrypting improperly. This also means that if you burn a new backup, all of the EXE files are infected.

I run a rather tight ship (albeit without A/V protection due to the age of my system and the games I play...and the lack of money) and the only reason I noticed it was due to uTorrent failing to start unless reinstalled, then after reinfected failing to start again. By that time, 750+ of my executables were infected, including video/audio/printer driver programs.

[Die Hard]

You don't need money to run A/V. I use Antivir, and it's free.

[Sundowner]

I've just recovered from a virus that has the potential of ruining the protection received by constant backups and formats, especially for those (like me) who run two partitions for quick OS reinstall.

W32/Jeefo:
May reside in ANY .exe file and affects any 32bit Windows OS.
When the infected EXE is run, the virus installs itself as a local service and copies itself as "svchost.exe" to C:\WINDOWS\system. Due to the generic filename and the service ("Power Manager") sounding legit at first glance, it's hard to initially detect.
As the service runs, it takes EXE files, encrypts them, then appends the virus to the beginning of the file. When an infected file is run, the "new" virus checks to see if it's installed already. If so, it instructs the "old" virus to decrypt and run the file.
In this way, the virus can be spread by sharing any EXE from an infected system.
Eventually, programs will start failing due to decrypting improperly. This also means that if you burn a new backup, all of the EXE files are infected.

I run a rather tight ship (albeit without A/V protection due to the age of my system and the games I play...and the lack of money) and the only reason I noticed it was due to uTorrent failing to start unless reinstalled, then after reinfected failing to start again. By that time, 750+ of my executables were infected, including video/audio/printer driver programs.

Wow.

That's evil.

Thanks for the after action report....I'm checking that one out.
I wonder how prolific among the PC population this type of virus is.
I'll read up on this one.

TY
   Sun