
Here are posterous posts filed under malware...

Mawe says...

I must say that seeing these images really shows the effectiveness of the anti-malware and website filtering software being used by Eversun, a.k.a. Agents of Value (AOV).

Imagine getting blocked by the very software it uses!  Even Google doesn’t like it anymore, hahaha!

Filed under: malware

gltss says...

Filed under: malware

23narchy says...

Traces of guilt


Innocent people have been branded as child abusers after malware infected their PCs, an AP investigation has discovered.

Technically sophisticated abusers sometimes store images of child abuse on PCs infected by Trojans that grant them illicit access to compromised machines.

The plight of those framed in this way is all the worse because paedophiles commonly use supposed malware infections of their PCs to explain the presence of images of child abuse. Because of this the "Trojan did it" defence is understandably met with scepticism from law enforcement professionals.

"It's an example of the old 'dog ate my homework' excuse," Phil Malone, director of the Cyberlaw Clinic at Harvard's Berkman Center for Internet & Society, told AP. "The problem is, sometimes the dog does eat your homework."

AP interviewed former child abuse suspects who were arrested after depraved images were found on their computers, as well as police and computer forensic experts.

Michael Fiola, a former Massachusetts government worker, was arrested two years ago after child abuse images were discovered on his state-issued laptop computer after officials became suspicious of huge data use bills associated with the machine and began an investigation. He was eventually cleared nearly 11 months later after defence experts were able to show that the laptop harboured malware programmed to visit as many as 40 child porn sites per minute, far faster than a human surfer would be able to accomplish.

Forensics experts hired by the prosecution agreed with these findings and the case, which had nearly ruined Fiola's life, was dropped.

Fiola was fired from his job before enduring death threats and losing friends. His wife stood by him, however, and the couple were able to raise a $250,000 legal defence fund after selling their car, cashing in their savings and re-mortgaging their home. "It ruined my life, my wife's life and my family's life," Fiola told AP.

A cap on the amount of damages they might receive has effectively prevented the Fiolas from suing the state.

Child abuse webmasters sometimes use either compromised consumer or business systems as a warehouse for child abuse images and videos. Paedophile images can also land on systems as the result of a nasty prank or as an act of deliberate sabotage.

Two UK men were cleared of child-abuse offences in 2003 after it was shown that computer viruses were behind the presence of child abuse images on their PCs. One of the PCs was infected by a virus that changed the home page of the Windows machine to a child porn site. The other man's machine was infected by a virus that downloaded images of child abuse.

One of the two unnamed men lost custody of his seven-year-old daughter and spent a week in jail on remand because of the case.

In another case Chris Watts, a British computer forensics expert, helped clear a hotel manager whose colleagues found child porn on a shared workplace PC. The manager had been looking for ways to download pirated computer games when his web session was redirected to a child abuse site.

More details on the cases and discussion of the issue can be found here.

 

Filed under: malware

unugurn says...

AVS Firewall 2.1.1.238: Protect your PC against malware and hacker attacks with AVS Firewall. http://bit.ly/bHObS

Filed under: malware

'Ugly can of worms'

Author: Dan Goodin in San Francisco

Cybercriminals have laced about 2,000 legitimate websites with a potent malware cocktail that surreptitiously attacks people who browse to them, a security researcher warned Friday.

Unlike past outbreaks of the mass web attack known as Gumblar (http://www.theregister.co.uk/2009/05/14/viral_web_infection/), this round actually plants exploit code on the website servers themselves. Curiously, the directory and file name of the malicious payload is in most cases unique and identical to a legitimate file that existed on the website.


The trick makes it extremely difficult for webmasters and anti-malware programs to detect the threats.

"This is an ugly can of worms," said Mary Landesman, the ScanSafe security researcher who warned of the mass attack. "Any time you see a new technique evolve like this the concern is we'll be seeing much more of this in the future, and certainly it complicates the remediation of the compromised website."

Previously, Gumblar planted links in thousands of compromised websites that silently redirected users to a handful of servers that hosted the exploits. That method allowed white hats to foil the attack by shutting down one or two domains. With the malware embedded directly in the compromised websites, the take-down process is significantly more time consuming.

Also making matters hard for Landesman to get the sites cleaned up: Most of the websites belong to small businesses that cater to non-English speakers. Few of them have dedicated security employees, and even when representatives can be located, the person contacting them must speak multiple languages.

While the websites are relatively small, Gumblar architects have planted links in online discussion forums across the web that often cause RSS readers to automatically send users to the booby-trapped pages. Landesman suspects black-hat search engine optimization may also be causing the infected sites to be featured prominently in results returned by Google and others.

People who are unfortunate enough to visit the sites won't see anything unusual. But behind the scenes, a PHP script checks their version of Adobe Reader and Adobe Flash, and if either is out of date, hijacks their PCs using known vulnerabilities. If both of those programs are up to date, the script tests to see if the system is vulnerable to several bugs Microsoft has patched in the last few months.

Hijacked machines will be installed with a backdoor that gives the hijackers complete control. They are also equipped with malware that manipulates search results returned by Google.

It's unclear exactly how the sites are getting compromised. Landesman suspects FTP passwords for the sites have been lifted from administrators' computers using key-logging malware. ®

Original URL: http://www.theregister.co.uk/2009/10/16/gumblar_mass_web_compromise/

Filed under: Malware

 
A new dangerous SPAM / Phish / Social-Engineering email is circulating which lures a user into downloading and installing a malware package onto their computer.  Be Vigilant!

Problem

New SPAM / Phish / Social-Engineering attack via email. The message is crafted to appear as if it came from an internal IT source, and prompts the user to download a "patch" to be ready for an upcoming "server upgrade" to the mail system. The download is actually a multi-faceted malware package which installs trojans, a keylogger, disables AV software, and performs other actions on the user's PC. Text of the message is pasted below with certain information redacted for safety.

Attention!

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.
The changes will concern security, reliability and performance of mail service and the system as a whole. For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.
This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That's all.

http://evil-link/evil-file

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

Environment

Source: Email
Affects Windows Systems

Resolution

1. Do not download the file or click on links in email messages
2. Contact IT Support if you have questions

Additional Information / References

SANS Internet Storm Center Diary Entry:  http://isc.sans.org/diary.html?storyid=7333

Filed under: malware


Today Google has announced two new tools a webmaster can access via the new Labs section on Google Webmaster tools.

Fetch as Googlebot

This function lets you create a simulated crawl for single pages of your website. Just submit the page and within a few minutes you get a report about what Google gets when the bot has crawled your page.

The interesting thing is that the output shows the web page headers as well.

Malware details

This section will show you the pages where malware was detected if Google has found any malicious code on your websites.
Cool, last time it took hours to find it all. Anyway, it's always better to scan your server for malware.

Filed under: malware

unugurn says...

A Squared Free 4.5.0.21: Scans your computer for malware software Trojan Horse, Dialer, Worms, Spyware http://bit.ly/3MBTO3

Filed under: malware

23narchy says...

malware

When Facebook attacks, it’s not pretty. We were just remarking on how new ways of spreading malware were plaguing social media, and now the second Facebook-related scam in the past week appears to be spreading.

Have a look at the picture below, and if you see a profile similar to what you see in the screenshot, do not click on the video link. If you do, you’ll see a similar “malware warning” to that pictured at right. If you keep following the prompts, of course, you’ll then actually be infected as the program pretending to warn you about malware installs its own malware payload.

[Screenshot: dont-click-best]

This time the spyware appears to have the ability to create fake Facebook accounts and endow the profiles with these fake links. It’s troubling because it means the hackers have figured out a way to end-run around the CAPTCHA system that usually ensures the account creator is a real human.

Until Facebook has a chance to deactivate these rogue accounts, use caution when encountering any profile that looks similar to the above screenshot. Let us know in the comments if you’ve seen any of these fishy profiles in your travels around Facebook today.

 

Filed under: malware