Story
location: http://www.wired.com/news/infostructure/0,1377,63391,00.html
02:00
AM May. 11, 2004 PT
Browser
hijackers are doing more than just changing homepages. They are also
changing
some peoples' lives for the worse.
Browser
hijackers are malicious programs that change browser settings, usually
altering
designated default start and search pages. But some, such as CWS, also
produce
pop-up ads for pornography, add dozens of bookmarks -- some for
extremely
hard-core pornography websites -- to Internet Explorer's Favorites
folder,
and can redirect users to porn websites when they mistype URLs.
Traces
of browsed sites can remain on computers, and it's difficult to tell from
those
traces whether a user willingly or mistakenly viewed a website. When those
traces
connect to borderline-criminal websites, people may have a hard time
believing
that their employee or significant other hasn't been spending an awful
lot
of time cruising adult sites.
In
response to a recent Wired News story about the CWS browser hijacker, famed
for
peddling porn, several dozen readers sent e-mails in which they claimed to
have
lost or almost lost jobs, relationships and their good reputations when
their
computers were found to harbor traces of pornography that they insist were
placed
on their computers by a browser hijacker.
In
one case a man claims that a browser hijacker sent him to jail after
compromising
images of children were found on his work computer by an employer,
who
then reported him to law enforcement authorities.
"The
police raided my house on Sept. 17, 2002," said "Jack," who came
to the
United
States from the former Soviet Union as a political refugee, and has
requested
that his name not be published. "Nobody gave me a chance to explain. I
was
told by judge and prosecutor that I will get years in prison if I go to
trial.
After negotiations through my lawyer I got 180 days in an adult
correctional
facility. I was imprisoned for 20 days and then released under the
Electronic
Home Monitoring scheme. I now have a felony sex-criminal record, and
the
court ordered me to register as a predatory sex offender for 10 years."
Jack
originally believed that the images found on his computer were from a
previous
owner -- he'd bought the machine on an eBay auction. But he now thinks
a
browser hijacker may have been responsible.
"When
I used search engines, sometimes I got a lot of porn pop-ups," Jack said.
"Sometimes
I was sent to illegal porn sites. When I tried to close one, another
five
would be opened without my will. They changed my start page, wrote a lot of
illegal
porn links in favorites. The only way to stop this was turn the
(computer's)
power off. But when I dialed up to my server again, I started with
illegal
site, then got the same pop-ups. There were illegal pictures in
pop-ups."
Several
of the URLs that CWS injects into Internet Explorer's favorites list
also
appear in the arrest warrant and other materials from Jack's hearing. CWS
works
as Jack described -- changing start pages, adding to favorites, popping up
porn.
But CWS was first spotted several months after Jack's arrest, so it seems
unlikely
that this particular hijacker is the cause of his problems.
Security
experts who were asked to review Jack's claims said it is possible that
a
browser hijacker could have been the reason porn images were found on Jack's
computer.
But they also pointed out some discrepancies in the story.
Some
of the images were found in unallocated file space, and would have to have
been
placed there deliberately since cached images from browsing sessions
wouldn't
have been stored in unallocated space.
Brian
Rothery, a former IBM systems engineer who has been researching Jack's
claims,
pointed out that a significant portion of the images and URLs cited in
the
arrest papers are from fairly tame nudist sites, as well as adult sites that
do
not contain illegal materials.
He
said that however the pornography arrived on Jack's computer, "the
evidence
wasn't
handled properly, and his lawyer did not do his job."
Jack
said he opted not to fight the charge because his lawyer told him he would
probably
receive a harsher sentence if he went to trial.
"They
are very eager to get conviction," Jack said. "Nobody can fight those
powers.
I could hardly stay in jail two weeks. The cell is very small, the food
is
very bad. They let prisoners out only every other day for 3 hours. I do not
know
how people can stay in prison for years."
If
the pornography was placed on Jack's machine by a browser hijacker, he's
suffered
far more than most victims of malicious software. Others who blame
browser
hijackers for placing porn on their computers have been luckier.
"I
was almost fired after some sort of content-monitoring system that my
ex-employer
used on the network found several dozen dirty photos on my laptop,"
said
Matthew Cortella, a sales representative based in Illinois. "I had no idea
how
that stuff got on my machine; I thought it'd been hacked.
"Eventually,
thank God, IT found some program on there that they said could have
caused
the problem. But for eight days I was sure I'd be fired, and I was
terrified.
I have a family to support. Jobs aren't easy to come by these days."
"My
wife and I separated for a time because she thought I was looking at
porno,"
said
Fred McFarlane, a store owner in Georgia. "We are religious people. She
just
couldn't be with me after she saw the pictures that were in our computer. I
don't
blame her. Even now, I know it's real hard for her to understand it was
the
computer that did it, not me."
Telling
people that "the computer" is downloading pornography on its own
often
provokes
smirks and disbelief.
"I
have to say it's like insisting the dog ate your homework," said Jeff
Bertram,
a systems administrator in New York City. "Are you going to admit that
you
downloaded porn to your pissed-off spouse or employer? Or to a judge? Hell
no,
your honor, it wasn't me. The browser did it."
Jack
said he would like to appeal his conviction, but knows it will be difficult
to
convince people that he didn't download the pornography found on his machine.
"The
police found nothing in my house, you know, not even a Playboy magazine,"
he
said. "Only in the computer. But most people do not understand that such a
thing
is possible, that the computer could have made this happen. Plus, with
child
pornography, people's reaction is only emotions and no thinking."
"I
advise Internet users to be very, very careful," Jack added.
"Committing a
felony
is very easy; it just takes one click."