Slashdot Mirror
Life-Ruining Browser Hijackers
LehiNephi writes "If you're not diligent enough at whacking malware on your computer, you could end up in jail, whether or not you actually did something wrong. Hijacked browsers can not only annoy you with a never-ending string of pop-ups, they leave a less-than-virtuous browser history behind on your computer. This guy claims that some piece of malware hijacked his home page, opened an unstoppable chain of pop-ups, and filled his cache with porn. He now has to register as a sex offender, even though he denies that he did anything his computer says he did. Makes me glad for built in pop-up blocking in Mozilla."
But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.
And yes, CoolWebSearch is a goddamned pain to get rid of. New variants are immune to Merijn's CWShredder; they require specialized tools (pv.exe, TheKillBox) to remove, and some even require booting to a command line (nearly impossible in XP/2000).
One guy at my office accidentally got some CWS variants on his machine, and the IT department - myself included - went through the router logs (school district, have to keep the logs, state law here) to see where he got it. This resulted in his getting fired (free pr0n site, and yes, he was logged in as himself).
In short, these little bastards really _can_ ruin your life and your machine.
Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
If you are running Mac OS X or Linux, easy. Noone targets them. If you are running Windows, the steps to a secure windows box are easy:
1. Never use Administrator unless you are doing administrative tasks. If you are using a web browser as Administrator it should be for windowsupdate or device drivers, period.
2. Don't give any user account you create Administrative permissions.
3. Don't open attachments.
4. Use mozilla and disable popups.
5. If the account gets fucked up, delete it and create a new one.
Spybot Search & Destroy (best and most up-to-date IMHO)
AdAware (the original big one, not as up-to-date as Spybot S&D, but it still catches stuff Spybot doesn't)
HijackThis (for the really nasty stuff that the others don't get, though this can mess up your computer if it isn't used properly)
SpywareBlaster (it isn't as good as the others mentioned, but it still couldn't hurt)
What if this signature were clever?
Not only will Mozilla (and Firefox)'s built-in popup blocking help you. They also do not support ActiveX scripting. You have to get a plugin for it, and even once you have the plugin installed the controlls are tighter.
Who's the moron that thought it'd be cool to embed executable code in a web page anyway? Well, he's not as big of a moron as the guy who let it execute ANY code.
Bugs are just features that have been fixed.
what's the best way to get rid of this crap?
And for the love of all that is holy, tell everybody you know to stop using IE. If you're the tech support guy for your friends and family, have them start using firefox. Because sooner or later, if you don't, they'll get CWS and you'll be at their house helping them for a LONG time.
3 more:
6. Use windows update religiously.
7. Use a firewall or at least the crappy virtual firewall software that MS provides.
8. Something that has been put out for the last 40 years in the CS world: backup!
It's Pornzilla
The Best Porn Browser
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Some explanatory paragraphs from the article:
"When I used search engines, sometimes I got a lot of porn pop-ups," Jack said. "Sometimes I was sent to illegal porn sites. When I tried to close one, another five would be opened without my will. They changed my start page, wrote a lot of illegal porn links in favorites. The only way to stop this was turn the (computer's) power off. But when I dialed up to my server again, I started with illegal site, then got the same pop-ups. There were illegal pictures in pop-ups."
Security experts who were asked to review Jack's claims said it is possible that a browser hijacker could have been the reason porn images were found on Jack's computer. But they also pointed out some discrepancies in the story.
Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.
Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.
Malware is here to stay. I clean it of the computers of friends and family constantly. You can't hide behind Mozilla -or anything for the matter. You can use Ad-Aware or the like, and that's about it. I gave up on trying to make others understand what 'safe browsing' habits are. Malware no longer requires you to click 'ok' to something. It just hijacks your system on page load. I myself had a Java based trojan install an ftp daemon in my system folder with an INI file that had accounts named 'xdcc-warez' etc.. I am very secure, but I wouldn't have known about this intruder unless my firewall would have reported the ftp daemon opening the port.
I have tried many types of virus protection and I refuse to run them. Symantec 2004 'Pro' or 'Corporate' is EXTREMELY intrusive. With *ALL* the auto search and protection off, it still runs many services that take over 15mb of ram! McAffee and everything else is about the same. I am all about performance, I will not have adware and virus protection software scanning every file written to my HD, every word doc I open, email I send, or page i visit; that's ridiculous; not to mention with all those things of, the services are still there for some reason. Also, I don't need a HUGE GUI interface with animated gifs and crap.
Spyware is here to stay, get some somewhat non-intrusive software to protect your family and friends, and as for yourself, I guess just check your firewall, and/or have it alert you when a weird program or service wants access.
I received this link earlier today as spam... It took all the touble out of trying to find free porn on the net - thanks browser hijackers, whoever you are!
evil link to hijack your browser and force fee you porn - windows users click link at your own risk
The problem is that it's not easy to "prove". File creation dates can be manipulated pretty easily.
Surely even a judge can see the absurdity of someone manipulating the dates on their history files, but still leaving a record of browsing child porn. It's far easier to just purge them altogether.
Well the image rendering library is named libpr0n :)
It means that the files were deliberately downloaded, then deleted. Windows doesn't delete files, it simply marks the space as "empty". Caching uses a database structure, so it doesn't get deleted in the same way a regular file does. It's possible to delete it manually, but if it was, it still prove he knew about it.
Of course, it doesn't really mean anything, because they could have come from the prevous owner.
to clarify: netants is a download manager for windows that until fairly recently was free of spyware. It now comes with cydoor and all the stuff that gets in through the website. I used to use netants quite regularly, but have now switched to fresh downloads which does the job admirably.
I asked for a refund - and got my monkey back.
The site below can popup-flood Mozilla or IE.
WARNING: Site link below will flood your browser with popups of scat and child porno.
http://lm.pleaseeat.us/
You're not responsible if someone else put porn on your computer. Crimes generally require 2 elements (I'm a law student):
1) Mens Rea, or intent. Clearly no intent there. Sometimes crimes don't require this, but almost all do. Intent might be satisfied by meaning to download a "barely legal" video, though. It's like if you swear she looked 18, you can still go to jail for statutory rape.
2) Actus Reus, or criminal act. Depending on the statute, possession might be a crime. So he could be liable just for that.
It's unlikely he would be found guilty without at least meaning to download something pornographic.
On Windows (2k or later) you can use transparent file encryption. You could set your entire chache directory (either Internet Explorer or Mozilla, or any other file) to be encrypted. The key for encryption is based on the user's password: it's not stored on the computer. If you forcibly reset a user's password, the key is permanently lost. It appears to be a normal file to applications, so no support from them is needed.
Not that it would have been terribly usefull to the guy in the article, since he apparently didn't even know how to forcibly close windows (without using the close button).
I believe the prosecutor is required by law to turn over excuplatory evidence to the defence. But incompentence could go a long way toward excusing the failure to turn over said evidence.
Who will guard the guards?
I am a lawyer, and a former prosecutor, to boot. I never worked in a sex crimes unit, but I thought I'd offer my thoughts:
I didn't see that this was a federal case, so the Justice Department probably wasn't involved. If I missed it, I'm sure someone will correct me, but I don't think the feds just go after a guy with a few pics on his computer. It's more likely local cops and prosecutors.
That said, generally prosecutors have to turn over exculpatory evidence. Prosecutors are not permitted to second-guess what's exculpatory and what's not. If they don't turn something over, the defense can ask the judge for a number of sanctions, the most extreme of which is a dismissal of the charges. No prosecutor I know of would risk that or risk being made a fool of in front of the judge. Naturally, there are going to be instances where the prosecutor doesn't turn something over because of an oversight and there are very rare cases where prosecutors intentionally withhold evidence.
One comment indicated that the prosecutors should be able to tell whether or not the pictures happened all at one time or spread out over a span of time. The prosecution is required to turn over the evidence only; not their intepretation of the evidence. So, they'd have to either (1) turn over a perfect copy of the hard drive; or (2) allow the defense to examine it. If they employ an expert, however, they'd be required to turn over his opinions and the bases for them.
This is my sig. There are many like it but this one is mine.
What's he going to appeal? It was a plea bargain; he gave up most of his appellate rights. The only thing that stands out in my mind is that he could file an appeal based on ineffective assistance of counsel. In my experience, though, he wouldn't be likely to do this for two reasons: (1) appeals are extremely expensive; and (2) a claim of ineffective assistance of counsel has to be predicated on some kind of extreme negligence or malpractice on the part of the attorney. Bad advice alone isn't enough to warrant a reversal of his conviction.
This is my sig. There are many like it but this one is mine.
Furthermore, it's considered unethical (I know, I know, insert lawyer joke here) to collect a contingent fee in a criminal case. Why? Because then attorneys wouldn't take criminal cases they knew they would lose and poor Joe Child-Molester would never find competent counsel (contrary to popular belief, public defenders are only available to the indigent; most jurisdictions require a person seeking a public defender to disclose their financial information).
This is my sig. There are many like it but this one is mine.
Where is this in Linux? I can't find a user.js file anywhere.
Just browse to the address "about:config" (that works on most/all Mozilla-based browsers).
Coincidentally, my father is a retired FBI agent. I've never dealt with the FBI in a professional setting, but I know a little of the history. The FBI under Hoover was used to keep track of all kinds of people that Hoover saw as a potential threat. Thus, the FBI investigated everyone from Martin Luther King, Jr. to Elvis Presley. They undoubtedly used means to discover information that, by today's standards, would be considered illegal and abusive. Most of the time, this would not be a problem for the FBI because the sanction for obtaining evidence illegally is to throw the evidence out. If they're just keeping tabs on you and you're never arrested, there's little chance that you'd ever know about it.
That said, the FBI was usually way ahead of its time when it came to ensuring that they got their man. For example, they were employing Miranda warnings long before the Supreme Court issed the Miranda v. Arizona decision, which required the police to read a defendant his rights before questioning him.
One of the really great contributions of the FBI is that, wherever they interacted with the local police, they would encourage the local cops to adopt the same practices. This ultimately led to the creation of the FBI National Academy, where local police forces send their cops for training on legal issues as well as investigation techniques.
This is my sig. There are many like it but this one is mine.
For the non-technical, the hard disk is like a huge stack of sheets of paper. Some get used and written on. When you "delete" a file, it goes back into the unused pile of sheets but the data on it is not erased until it is pulled back out to be used again.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Tried it with Safari.
After about 30 pop-ups I held down command-w (Mac close window keystroke)
It closed all the windows fairly quickly and I was out.
What Brian Rothery actually said. I dunno why the article spun what he said so differently.
I'm 95% sure the guy is innocent of the child porn thing.
I wouldn't send anyone to jail with crappy evidence like this. Browsers and PCs can be hijacked and hijacking is widespread. The scum who do the hijacking are the ones who should be sent to jail - they throw kids into jail for writing worms/viruses, well they should throw the hijacking scumbags in first.
I use IE but have scripting etc off (it's even off for my Local computer zone - so many of the zone crossing exploits won't work on me), so I have no such probs, but think of your nonsavvy friends and relatives.
Alas, no. The blame for JavaScript may be laid firmly at the feet of Netscape, who invented it in part as a "respose" to Sun's Java. Any moron with even a passing familiarity with MSWord macro viruses would have realized that including and automatically executing code within what is fundamentally a document was a monumentally stupid idea. But no, they did it, anyway.
Microsoft doesn't get off scot-free, however. They uncritically re-implemented this braindamage and -- as first-hand observers of the problems caused by MSWord macro viruses -- had even less excuse for proliferating this.
Schwab
Editor, A1-AAA AmeriCaptions
The customer list was so large that it would've been cost prohibitive for them to prosecute everyone who paid for access to the kiddy porn sites busted up by the FBI and Interpol in that case. Pete Townsend was lucky there are so many sick fucks out there. The FBI and Interpol decide to go after the producers of kiddy porn instead. The people who ran the websites and the participants probably are worse but it's too bad that they couldn't arrest everyone who bought that stuff.
i got two windows. the first one would keep on trying to open a second, but once closed nothing came back. firefox 0.8, proxomitron with JD's basic config. also lots of popup blocked warnings from standard firefox blocker.
This is my Sig, this is my Gun. One is for Slashdot and one is for Fun.
I use a modified hosts file to block in-line ads and to block ads that are inside of pop-ups. However, if I am not mistaken that technique does not block the pop-up itself. Correct me if I am wrong, I am not an expert on that subject.
I use both Linux and Windows and have modified the hosts file in each. I use the modified hosts file to divert ad server URLs and redirect them to the 127.0.0.1 loopback address on my computer. After clearing the cache there are now about 1/3 less advertisements on most web pages. An empty rectangle appears where the adversement should have been. About half of the pop-ups are emptly. I have a slow dial-up connection and less advertisements means that many of the web pages load faster. But, I am uncertain if popup bombs would be stoped by that or not. Here is a web page that describes using a modified host file in either Windows or Linux.
http://www.everythingisnt.com/hosts.html
In a somewhat related problem, I have noticed lately that most home computers with Windows seem to have spyware on them. I recently helped install Ad-Aware on a friends computer and we discovered and removed over 80 spyware related items. Here is a link about Ad-Aware:
http://www.snapfiles.com/get/adaware.html
One last thing, I occasionally test my firewall at the "Shields of Website" and click on "ShieldsUP" see what ports I have open. It's nice to know that the firewall on my home computer is working and that I do not have any ports open. I hope that my computer will never get hijacked by porn the way his allegedly was (if it really was)! Is there anything more that I could do? I mostly use Mozilla Firefox 8.0 under Slakware 9.1 Linux by the way.
http://grc.com/
I had some malware on my machine, I think it was sms-universe and coolwebsearch was the other. One I got from the underdogs website and
I had adaware on my system, avg, regularly check my start up registry for unusual programs appearing in there.
Sms-universe was some kind of online dialer, thankfully there is no modem in the machine so that didn't work (I clicked no a few times and it opened lots of ads some for big respectable companies i believe, then it automatically downloaded somehow. Dunno how that happened since I clicked No.
CoolWebSearch changed my homepage to some kind of search site, but with porn images emblazoned on the bottom. Also I found other files and malware on my machine after tracking down those. It seemed like one loaded another, which loaded another. Meanwhile, no browser pages were opening automatically but a few strange programs were showing in the task manager.
I managed to finally get rid of it by running ad aware, avg a few times and also changing the search and start pages in Internet Explorer's registry. The Internet Options-> Tools, Homepage apply button didn't seem to work when I closed down the browser and re-opened it which was strange.
Also, I found various files and programs in my C:\Local Settings\Administrator\Temp directory (which I don't believe existed before), also additions to C:\WINNT\System, C:\WINNT\ and C:\
So I think its fairly easy to say that a browser hijacking can result in files being placed into a place outside the cache dir (which is what i really means when he says unallocated).
I couldn't tell by the timestamps that these files were dodgy. Only one of them had a recent date, which was start.chm. The others in the temp dir (one of them was a program running in memory, which wasn't there before).
Also, although the homepage changed, even though I check my system pretty often and know my way around the registry a bit, some of the stuff was difficult to find. If I had no clue about computers, I'd have been stuck.
Admittedly, there were no pictures hidden away (other than the cached homepages ones), but I'm sure it could haved happened and since bandwidth costs money, I wouldn't be surprised if this happens.
Anyway blah blah blah. I think it just means be more vigilant. Be more paranoid about websites. If people can create viruses or steal on the internet, they can certainly take advantage of a way to put you on a sex offenders list. Maybe if you're computer illiterate, you might have some of defence if your lawyer isn't a dumbass and you do have a virus or malware on your system.
in fact it is against the Model Rules of Professional Conduct to accept a contingency fee in a criminal case or any divorce action. Sometimes the law gets it right...
It's Pornzilla
OK, lets not start changing the name "Mozilla" now too.
This is not legal advice. You are not a client. I'm not even an attorney. If you want legal advice, contact an attorney admitted to your jurisdiction's bar. What I am saying here is probably 100% wrong and if you do anything in reliance upon it, you are a blithering idiot who deserves whatever bad shit is very likely to befall you.
Okay, now that the requisite idiot-proofing is out of the way . . .
The US Supreme Court passed on this issue a long time ago. The case was Brady v. Maryland 373 US 83 (1963). Quoth the headnote from the opinion:
Another US Supreme Court case to pass on this issue was Kyles v. Whitley, 514 US 419 (1995). Here, Kyles was arrested with the murder victim's car, her groceries, and her purse. He was convicted and sentenced to death. He almost definitely did it, but because the prosecutor failed to turn over possibly exculpatory evidence, his conviction was tossed and he was released from Angola prison. So yes, the prosecutor does have to disclose possibly exculpatory evidence and no, it does not vary from state to state. HTHBzzzzt, guess again. The hardcore flicks with Traci are illegal, but the Penthouse issue is still legal to own.
This is partly because nude photos of underage girls or boys have not universally been ruled 'pornography,' but also because they sold a hell of a lot of those magazines-- millions of copies. It would be impossible to prosecute everyone who owns one.
Just do a search on eBay. The Sept. '84 issue show up in auctions all the time, without eBay or the FBI cracking down.
Did you actually read the artice you linked to?
"The explicit material allegedly was found last fall after Thiemann requested additional disk space on a school-owned computer at the office in his Harvard-owned residence, the Boston Globe reported, citing unidentified sources. Thiemann allegedly asked the computer department to transfer the images to the new disk drive. The material was not child pornography or illegal in any other way, the sources said, Thiemann did not comment, the newspaper reported."
So, doesn't look like he was busted for kiddy porn at all, just "normal" porn.
TURN OFF JAVASCRIPT
It's not that hard. Websites that require Javascript should be considered malware -- there is NOTHING that Javascript can provide the user that either isn't technically necessary or can't be provided some other way.
If everyone disabled Javascript, and boycotted websites that require Javascript, and browsers shipped with Javascript disabled, then this whole popup nonsense would go away.
Pick One: http://www-rohan.sdsu.edu/~stremler/sigs/sigs.html (Note - disable Javascript first!)
*Sigh*
Mozilla's popup blocking works right now, only because Moz is such a minority. It would take only a trivial change in current popup javascript code to get around it.
In fact the only way to keep control of your own browser (rather than letting anonymous website authors do whatever the hell they want to your own computer) is to disable javascript completely.
If you take a mozilla approach further, and remove all ability for javascript to open pop-up windows, javascript will be left with no legitimate functionality any more. That is, unless you consider the ability to change status-bar text "legitimate functionality".
If you still don't believe that Mozilla's pop-up blocker doesn't work, and you don't think that javascript is disable, just visit the Not-Safe-For-Work, Burn-Your-Eyes-Out, Goatse-like fest that is http://www.nero-online.org/lastmeasure/
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
I call bullshit. Mozilla and other alternative browsers makes all the difference, since they don't contain the pool of bile that is ActiveX. That some spyware authors try to exploit holes doesn't mean anything, since the Mozilla developers are actively fighting and closing these holes, in contrast to Microsofts IE team that still hasn't closed even the most obvious holes.
And I really find your java trojan story quite unlikely. Sure you didn't get it from somewhere else? Got any documentation that java trojans that install FTP servers even exist?
The BBC would disagree with you.
I'm a lawyer, not a law student. (I'm not your lawyer. I don't practice in your jurisdiction. This isn't legal advice. And I've never been a prosecutor or a criminal defense attorney. But I have worked a lot on issues related to kids, sexual content, and the Internet.)
Any possession, whatsoever, of child porn is a federal felony offense. It doesn't matter how you got it, that you didn't want it, or that the computer made you do it.
Maybe you could challenge the statute, but good luck finding a lawyer who wants to argue that possession of actual child porn shouldn't be illegal because the statute didn't include an element of mens rea. The ACLU had a hard enough time challenging the law prohibiting images that just looked like child porn, but didn't involve actual children.
Back in 1998 or 1999, there was a senior exec at Infoseek who was arrested for travelling interstate to have sex with a minor -- who turned out to be an FBI agent, not a little girl. He was also charged with possession of child porn.
When the case finally went to trial, he brought out expert witnesses, who were able to convince the jury that plenty of people go online and pretend to be someone other than they are to have sex. He said that he never thought she was a real child; he thought she was a woman who liked to pretend she was a child having sex.
As I remember it, he agreed to a plea during the trial. I think the prosecutors must have found the expert persuasive. Ultimately, he pled guilty to possession of child porn, and agreed to some sort of community service helping the FBI improve its enforcement of child sexual exploitation laws.
In this case, here's what I think happened: This shmuck was deliberately looking at porn that was, at the very least, borderline. But he didn't want to admit it. And he was afraid of the cost of defending himself. So he copped a plea, and now regrets it.
Judges won't let you plead guilty unless they are convinced that you understand what you are agreeing to, and what rights you are giving up by pleading guilty. But they can't stop you from making a stupid decision. That's why you have a lawyer.
Incidently, in many cases a public defender is going to get a better deal for a defendant than an average defense lawyer. (Texas is an infamous counter-example.)
Why? They're in the system all the time. They have a relationship with the judges and the prosecutors. In that plea negotiation process, they know how strong or weak the case is, and the judge and prosecutor know that someone with whom they work frequently isn't going to bullshit them. (Or they know the person is always full of shit, but I'm talking about a good public defender.)
Who are you more likely to offer a good plea agreement to -- someone you work with every week, who has pretty much backed up what he's said when you've gone to trial with a weak case before? Or someone you don't know or have worked with occasionally, who might be right that your case is weak or might be completely full of it?
Of course, none of this applies if you can afford a seriously elite defense lawyer. Like the Infoseek guy had, or OJ, or Martha Stewart. But many elite defense lawyers worked as public defenders for a few years early in their careers.
Liza
These opinions are my own. My employer is not aware of them, does not endorse them, and is not responsible for them.
I would be genuinely aprehensive about helping a lost kid nowadays. If the parent was to turn up just as you started talking, well you can kiss your job, your friends and your family goodbye. No smoke without fire etc.
You can't even smile when you see a bunch of kids having fun without somebody assuming you're getting sexual gratification out of it.
News Account
Conviction News Story
Forgive the lack of hyperlinks, I live in a backwater southern community that can't figure out how to archive older news stories, but I was able to find a few blurbs. Last August the Mayor of a small, (and I mean literally everyone knows everyone that lives there) community near here was convicted of child pornography because he recieved e-mails that contained the photographs, something not listed in the articles above but was covered in the news, is that the reason he was charged and the images found, was that an anonymous tip came in to the FBI at almost the exact time of the time stamps on the e-mails to his Web TV box (he didn't even own a true "computer".)
Now, this is the classic stereotypical small town that has had shootings/fueds over elections, etc, as recently as the 80s. Keep that in mind.
I personally know the attorney that defended the 63 year old mayor in court, and trust me, he isn't exactly a techno-whiz, I wouldn't be surprised if he asked me "so where do they keep the Internet?"
What is most interesting is the fact that the FBI was able to check the e-mail through the ISP so fast that some of them hadn't even been checked by the Mayor yet - and yet he was still convicted.
I know that the technically proficient /. crowd has no problem realizing that this guy was obviously set-up. I don't think he had enough skill to know how to google for something, let alone find his way into an underground kiddie porn ring, and most odd to me, no charges were ever brought against the senders of the e-mails.
I followed this case pretty close, because it was frightening to me that someone that doesn't like you can destroy your entire world by simply clicking send to your e-mail address while making an anonymous call to the FBI that you are a terrorist, kiddie pornographer, insert bad apple of the week here. What shocked me is that they were able to get a conviction in the case.
Not all that different from the case in TFA. And a scary thought that the technophobes that tend to wear the robes in the country have far too much power over that which they do not understand.
Clothes make the man. Naked people have little or no influence in society - M. Twain
Just yesterday someone at work overheard me discussing ditching IE and Outlook Express and using Opera instead because of its pop up blocking etc as he had found his computer infected by some browser hijacker. A third person overheard us and volunteered the following story..
Apparently blackmailers have started sending emails with scripts and innocent looking urls to company mailboxes in the hope that someone will click/open a link, and then download a bit of malware/hijacking software which works in the background (secretly downloading kiddie porn etc, and of course maybe propogating itself on to a few more victims)
Then after a few weeks, the victim is contacted and told where to look on their PC to find this stuff and offered an opportunity to reveal passwords/company secrets/pay money or the blackmailer will turn them in to the cops.
When they look at the browser history, because its been secretly going for a few weeks it doesn't just look like a frame up. Even if they don't plant kiddie porn its still bad as many business do operate a "no porn on pain of instant dismissal" policy.
When someone finally spoke out about it at one company they found nine other victims in the same company who had been keeping quiet about it and hoping to handle it on the blackmailer's terms.