What if ... ?



Imagine your computer gets a new type of malware that makes it download certain URLs every now and then. Imagine that software creates a special HTTP request with a fake "Referer:" header. Imagine that the purpose of that is to pretend that you are clicking on an advertising link. Imagine that the mentioned links are ads of porno sites. Imagine the software includes an engine to spread itself on your local network. Imagine your boss starts monitoring the employees network activities so you are caught red handed, at least apparently. Imagine that you are fired because of your alleged browsing activities.

Now stop imagining.

It might already happened to one of my clients and his colleague, both fired for the same reason (porn surfing at work) they claim it is wrong because they did not do that. I cannot tell you for sure because their former company is not interested in researching this matter any further.

However, neither the cookies nor the temporal internet files nor the URL patterns they allegedly browsed seemed to make any sense (even if you are a pr0n fanatic). This and the fact they claim they have never used the company laptop for such an activity suggests that the company might have rushed to a conclusion that could be wrong.

For the moment, the ball is on the judge's hands for my client. (But his laptop is not in my hands to further research this possibility). I'll be glad to hear from you in case you may have a clue about the existence of such a software (even if you authored it yourself).

Comments

Hiroshi Ikeda said…
In a quick search i get this from Google (I guess you are more steps from me, of course)
http://www.elmundo.es/navegante/2004/07/26/seguridad/1090835194.html

But the fact is, I've heard zombie software through Windows before. Maybe installing a system monitor (CPU activity, LAN activity,...) could provide a clue.

Despite the article mentioned above, the fact is so dificult to find a zombie example. It seems you need to have access to the laptop to make a more examination. Good luck to you and your friends.
misan said…
Thanks Hiroshi,

I've just thought other people on the Internet might have heard of a similar pattern before.

A few days ago a botnet targeted to commit fraud on Google's AdSense was reavealed on the news. However, as you point out you need to grab the offending computer to conduct a detailed study of the causes of such a behaviour.

Cheers,

Miguel

Popular posts from this blog

VFD control with Arduino using RS485 link

How to get sinusoidal s-curve for a stepper motor

Importing OpenSCAD designs into Onshape