Slashdot Mirror


Life-Ruining Browser Hijackers

LehiNephi writes "If you're not diligent enough at whacking malware on your computer, you could end up in jail, whether or not you actually did something wrong. Hijacked browsers can not only annoy you with a never-ending string of pop-ups, they leave a less-than-virtuous browser history behind on your computer. This guy claims that some piece of malware hijacked his home page, opened an unstoppable chain of pop-ups, and filled his cache with porn. He now has to register as a sex offender, even though he denies that he did anything his computer says he did. Makes me glad for built in pop-up blocking in Mozilla."

16 of 861 comments

  1. Hate breaking it to you... by Tuxedo Jack · · Score: 5, Informative

    But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.

    And yes, CoolWebSearch is a goddamned pain to get rid of. New variants are immune to Merijn's CWShredder; they require specialized tools (pv.exe, TheKillBox) to remove, and some even require booting to a command line (nearly impossible in XP/2000).

    One guy at my office accidentally got some CWS variants on his machine, and the IT department - myself included - went through the router logs (school district, have to keep the logs, state law here) to see where he got it. This resulted in his getting fired (free pr0n site, and yes, he was logged in as himself).

    In short, these little bastards really _can_ ruin your life and your machine.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
    1. Re:Hate breaking it to you... by poulbailey · · Score: 4, Informative

      > But now the Transponder gang (ABetterInternet) are making .xpis to install their shit in Firefox/Mozilla.

      The Mozilla team is actively battling that. I'm confident that they won't let the situation escalate to IE proportions.

      Firefox 0.9 will have a whitelisting permission system that disallows the installation of XPIs that don't come from trusted sites. It'll ship with a default list and let you add to it yourself as well.

      It'll also block XPI installation triggered via onload, onmouseout and onmouseover. Check out bug 240552 and bug 238684 on Bugzilla for more on these issues (not linked because of a /. referer check).

  2. Re:stop this? me? by Mr.Radar · · Score: 5, Informative

    Spybot Search & Destroy (best and most up-to-date IMHO)
    AdAware (the original big one, not as up-to-date as Spybot S&D, but it still catches stuff Spybot doesn't)
    HijackThis (for the really nasty stuff that the others don't get, though this can mess up your computer if it isn't used properly)
    SpywareBlaster (it isn't as good as the others mentioned, but it still couldn't hurt)

    --
    What if this signature were clever?
  3. Re:stop this? me? by IvyMike · · Score: 5, Informative

    > what's the best way to get rid of this crap?

    • Ad-aware
    • Spybot
    • Cool Web Shredder: specific to CWS, but if you've got that, this is a necessity
    • And while you're at it, for your own computer, don't forget the virus-checker, the hardware firewall, and maybe even the software firewall. Public computers are a Wretched Hive of Scum and Villainy, so if you're forced to use them, mentally adapt your practices to account for that. (Expect every virus/trojan/keycapture program written.)

    And for the love of all that is holy, tell everybody you know to stop using IE. If you're the tech support guy for your friends and family, have them start using Firefox. Because sooner or later, if you don't, they'll get CWS and you'll be at their house helping them for a LONG time.

  4. Re:Probably... by zulux · · Score: 4, Informative
    --

    Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  5. Re:Child Porn or what? by KingOfBLASH · · Score: 4, Informative
    > Was the guy's cache filled with child porn or something? How does looking at porn make you a sex offender? If it's illegal then arrest me right now.

    Some explanatory paragraphs from the article:

    "When I used search engines, sometimes I got a lot of porn pop-ups," Jack said. "Sometimes I was sent to illegal porn sites. When I tried to close one, another five would be opened without my will. They changed my start page, wrote a lot of illegal porn links in favorites. The only way to stop this was turn the (computer's) power off. But when I dialed up to my server again, I started with illegal site, then got the same pop-ups. There were illegal pictures in pop-ups."

    Security experts who were asked to review Jack's claims said it is possible that a browser hijacker could have been the reason porn images were found on Jack's computer. But they also pointed out some discrepancies in the story.

    Some of the images were found in unallocated file space, and would have to have been placed there deliberately since cached images from browsing sessions wouldn't have been stored in unallocated space.

    Brian Rothery, a former IBM systems engineer who has been researching Jack's claims, pointed out that a significant portion of the images and URLs cited in the arrest papers are from fairly tame nudist sites, as well as adult sites that do not contain illegal materials.

  6. You can't laugh this off, not even with Mozilla.. by Anubis333 · · Score: 4, Informative

    Malware is here to stay. I clean it off the computers of friends and family constantly. You can't hide behind Mozilla, or anything for that matter. You can use Ad-Aware or the like, and that's about it. I gave up on trying to make others understand what 'safe browsing' habits are. Malware no longer requires you to click 'ok' to something. It just hijacks your system on page load. I myself had a Java-based trojan install an ftp daemon in my system folder with an INI file that had accounts named 'xdcc-warez' etc. I am very secure, but I wouldn't have known about this intruder unless my firewall would have reported the ftp daemon opening the port.

    I have tried many types of virus protection and I refuse to run them. Symantec 2004 'Pro' or 'Corporate' is EXTREMELY intrusive. With *ALL* the auto search and protection off, it still runs many services that take over 15mb of ram! McAfee and everything else is about the same. I am all about performance, I will not have adware and virus protection software scanning every file written to my HD, every word doc I open, email I send, or page I visit; that's ridiculous; not to mention with all those things off, the services are still there for some reason. Also, I don't need a HUGE GUI interface with animated gifs and crap.

    Spyware is here to stay, get some somewhat non-intrusive software to protect your family and friends, and as for yourself, I guess just check your firewall, and/or have it alert you when a weird program or service wants access.

  7. Re:Probably... by swtaarrs · · Score: 4, Informative

    Well the image rendering library is named libpr0n :)

  8. Re:Might not have been the pop-ups even by Chump1422 · · Score: 4, Informative

    You're not responsible if someone else put porn on your computer. Crimes generally require 2 elements (I'm a law student):

    1) Mens Rea, or intent. Clearly no intent there. Sometimes crimes don't require this, but almost all do. Intent might be satisfied by meaning to download a "barely legal" video, though. It's like if you swear she looked 18, you can still go to jail for statutory rape.

    2) Actus Reus, or criminal act. Depending on the statute, possession might be a crime. So he could be liable just for that.

    It's unlikely he would be found guilty without at least meaning to download something pornographic.

  9. Re:WARNING: Mozilla cannot protect you by Ravadill · · Score: 5, Informative

    This gets past the Mozilla/Firefox blocker by using target="_blank" which somehow bypasses it.

    Add the following to your user.js to stop it:
    // disable target="_blank" (open in same window):
    user_pref("browser.block.target_new_window", true);

    Stolen from Texturizer.net:
    http://texturizer.net/firefox/tips.html#beh_blank
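
Added example, not part of the comment above and not Mozilla's code: a Python audit that reads a user.js file and reports which baseline prefs are not actually in effect, including a pref name that picked up a stray space when it was copied from a web page. The baseline, the sample file and the function names are constructed for illustration; only browser.block.target_new_window comes from the comment, and the other two pref names are assumptions about what such a baseline would hold.

```python
import re

# Constructed baseline for illustration. Only the first pref name is from the
# comment above; the other two are real Firefox prefs picked as assumptions.
BASELINE = {
    "browser.block.target_new_window": True,
    "dom.disable_open_during_load": True,   # popup blocker
    "xpinstall.whitelist.required": True,   # XPI install whitelist
}

# Constructed sample user.js; the first pref name carries a stray space.
SAMPLE_USER_JS = '''
// disable target="_blank" (open in same window):
user_pref("browser.block.target_new_wind ow", true);
/* popup blocker switched off */
user_pref("dom.disable_open_during_load", false);
// user_pref("xpinstall.whitelist.required", true);
'''

_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/', re.S)
_PREF = re.compile(r'user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;')

def parse_prefs(text):
    """Return {name: value} for active user_pref() lines; // and /* */ comments are dropped."""
    code = _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    prefs = {}
    for name, raw in _PREF.findall(code):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw[0] == '"':
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs  # a later line overrides an earlier one

def audit(text, baseline=BASELINE):
    """List (pref, status, detail) for each baseline pref that is not in effect."""
    prefs = parse_prefs(text)
    findings = []
    for name, wanted in baseline.items():
        if name in prefs:
            got = prefs[name]
            if type(got) is not type(wanted) or got != wanted:
                findings.append((name, "mismatch", got))
            continue
        # A name with stray whitespace is a different pref, so the setting never applies.
        near = [k for k in prefs if "".join(k.split()) == name]
        findings.append((name, "misspelled", near[0]) if near else (name, "missing", None))
    return findings
```

Calling audit(SAMPLE_USER_JS) returns one finding per baseline pref: the misspelled name, the value mismatch, and the commented-out line reported as missing.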

  10. Re:Yeah, that's highly likely! by jebell · · Score: 5, Informative

    I am a lawyer, and a former prosecutor, to boot. I never worked in a sex crimes unit, but I thought I'd offer my thoughts:

    I didn't see that this was a federal case, so the Justice Department probably wasn't involved. If I missed it, I'm sure someone will correct me, but I don't think the feds just go after a guy with a few pics on his computer. It's more likely local cops and prosecutors.

    That said, generally prosecutors have to turn over exculpatory evidence. Prosecutors are not permitted to second-guess what's exculpatory and what's not. If they don't turn something over, the defense can ask the judge for a number of sanctions, the most extreme of which is a dismissal of the charges. No prosecutor I know of would risk that or risk being made a fool of in front of the judge. Naturally, there are going to be instances where the prosecutor doesn't turn something over because of an oversight and there are very rare cases where prosecutors intentionally withhold evidence.

    One comment indicated that the prosecutors should be able to tell whether or not the pictures happened all at one time or spread out over a span of time. The prosecution is required to turn over the evidence only; not their interpretation of the evidence. So, they'd have to either (1) turn over a perfect copy of the hard drive; or (2) allow the defense to examine it. If they employ an expert, however, they'd be required to turn over his opinions and the bases for them.

    --
    This is my sig. There are many like it but this one is mine.
  11. Re:Yeah, that's highly likely! by jebell · · Score: 5, Informative
    > Well, I hope he appeals. And gets access to his hard drive, so he can have his own experts analyze the data.

    What's he going to appeal? It was a plea bargain; he gave up most of his appellate rights. The only thing that stands out in my mind is that he could file an appeal based on ineffective assistance of counsel. In my experience, though, he wouldn't be likely to do this for two reasons: (1) appeals are extremely expensive; and (2) a claim of ineffective assistance of counsel has to be predicated on some kind of extreme negligence or malpractice on the part of the attorney. Bad advice alone isn't enough to warrant a reversal of his conviction.

    --
    This is my sig. There are many like it but this one is mine.
  12. Re:Yeah, that's highly likely! by jebell · · Score: 5, Informative
    Ummmm... I don't think "contingency" means what you think it means. A contingent fee is a fee that is collected based on the amount of the award. The most common use of contingent fees is in personal injury cases; if you've ever watched TV, you know darn well that Dewey Cheatham and Howe doesn't cost you a cent until and unless you collect.

    Furthermore, it's considered unethical (I know, I know, insert lawyer joke here) to collect a contingent fee in a criminal case. Why? Because then attorneys wouldn't take criminal cases they knew they would lose and poor Joe Child-Molester would never find competent counsel (contrary to popular belief, public defenders are only available to the indigent; most jurisdictions require a person seeking a public defender to disclose their financial information).

    --
    This is my sig. There are many like it but this one is mine.
  13. Re:Yeah, that's highly likely! by jebell · · Score: 5, Informative
    No problem; I enjoy contributing to conversations I have some knowledge about, instead of just pretending like I normally do. System-wide abuse is a lot less prevalent than it used to be. When I was a prosecutor (2000-2002), my jurisdiction had about 10 different police agencies that would submit cases to be prosecuted, in addition to some other specialized state agencies. For the most part, the police were pretty clean. A couple of the agencies had a reputation for shoddy police work, but nothing abusive. I learned pretty quickly which cops were honest and which weren't. Thankfully, there were only a few dishonest cops. A few more were just lazy, which can be just as bad as dishonest, but for the most part they did a good professional job.

    Coincidentally, my father is a retired FBI agent. I've never dealt with the FBI in a professional setting, but I know a little of the history. The FBI under Hoover was used to keep track of all kinds of people that Hoover saw as a potential threat. Thus, the FBI investigated everyone from Martin Luther King, Jr. to Elvis Presley. They undoubtedly used means to discover information that, by today's standards, would be considered illegal and abusive. Most of the time, this would not be a problem for the FBI because the sanction for obtaining evidence illegally is to throw the evidence out. If they're just keeping tabs on you and you're never arrested, there's little chance that you'd ever know about it.

    That said, the FBI was usually way ahead of its time when it came to ensuring that they got their man. For example, they were employing Miranda warnings long before the Supreme Court issued the Miranda v. Arizona decision, which required the police to read a defendant his rights before questioning him.

    One of the really great contributions of the FBI is that, wherever they interacted with the local police, they would encourage the local cops to adopt the same practices. This ultimately led to the creation of the FBI National Academy, where local police forces send their cops for training on legal issues as well as investigation techniques.

    --
    This is my sig. There are many like it but this one is mine.
  14. Re:A total farce by ewhac · · Score: 4, Informative
    > It seems that javascript for example was designed with no regard to security, or more likely badly implemented by the likes of Microsoft. [ ... ]

    Alas, no. The blame for JavaScript may be laid firmly at the feet of Netscape, who invented it in part as a "response" to Sun's Java. Any moron with even a passing familiarity with MSWord macro viruses would have realized that including and automatically executing code within what is fundamentally a document was a monumentally stupid idea. But no, they did it, anyway.

    Microsoft doesn't get off scot-free, however. They uncritically re-implemented this braindamage and -- as first-hand observers of the problems caused by MSWord macro viruses -- had even less excuse for proliferating this.

    Schwab

  15. Re:Yeah, that's highly likely! by jhylkema · · Score: 4, Informative

    This is not legal advice. You are not a client. I'm not even an attorney. If you want legal advice, contact an attorney admitted to your jurisdiction's bar. What I am saying here is probably 100% wrong and if you do anything in reliance upon it, you are a blithering idiot who deserves whatever bad shit is very likely to befall you.

    Okay, now that the requisite idiot-proofing is out of the way . . .

    The US Supreme Court passed on this issue a long time ago. The case was Brady v. Maryland 373 US 83 (1963). Quoth the headnote from the opinion:

    > Suppression by the prosecution of evidence favorable to an accused who has requested it violates due process where the evidence is material either to guilt or to punishment, irrespective of the good faith or bad faith of the prosecution. Pp. 86-88.

    Another US Supreme Court case to pass on this issue was Kyles v. Whitley, 514 US 419 (1995). Here, Kyles was arrested with the murder victim's car, her groceries, and her purse. He was convicted and sentenced to death. He almost definitely did it, but because the prosecutor failed to turn over possibly exculpatory evidence, his conviction was tossed and he was released from Angola prison. So yes, the prosecutor does have to disclose possibly exculpatory evidence and no, it does not vary from state to state. HTH