Malware and Child Porn

Do you use non-secure file sharing? Do you look for sites where you can find ways of playing games without paying for them? Download and use software cracks? Any other such activities?

Beware if you do. Some computers used in such ways but not used to browse for or view child porn end up with child porn on them never-the-less. And, users in that situation sometimes don’t find out until the local law comes knocking at the door.

Fighting such cases requires much technical help from a computer forensics expert and the legal bills can come to tens to hundreds of thousands of dollars because the presumption of guilt is strong in such cases. After all, the files were actually found on your computer and the excuse “a virus made me do it” just doesn’t fly with most district attorneys — everybody trys to use it after all. In a newspaper article, a federal prosecutor in Wyoming is quoted as saying this is the “SODDI defense” (Some Other Dude Did It). But, like paranoia, just because you feel people are out to get you doesn’t mean there are not people out to get you.

So, how does it happen? Mostly by encountering malware that opens file sharing on the computer. This allows the malware and even other users to use your computer to store their files. This makes it harder for the law to find them but easier for the law to find you as the source of the material.

A good forensics expert might be able to figure out if storage of the material was your doing or the doing of some malware. For example, in one case, the expert found that material was being downloaded from up to 40 sites within such a small time window it would have been impossible for a human to have done so. In other cases proof existed that the user was either not using the computer at the time of download or was busy with other tasks and could not have done the downloads. But, such proof is not always available and lacking such even if you did not download the material makes it look like you did.

Such activity is a minor part of the malware scene right now as there is no present way to monetize it (the ultimate goal of malware these days it seems). But, give it time.

Keep your defenses up and stop trying to skirt the law with downloads and the like.

[Comments from the original 11/14/2009 posting]

Comment: YES, I found out the hard way,as I got a virus that wiped my hard drive once, luckily I had everything backed up, and now I use Utorrent( and only for legal file sharing) which has a built in virus scan, and I use AVAST to scan everything a second time, but I doubt virus scans would find this stuff, so is there some other way to detect those files and get rid of them?
Answer: Probably the best way would be to make a catalog of the files on the disk and then periodically make new catalogs and compare to see what’s new. See “Cathy” as one such alternative…
http://www.nonags.com/nonags/diskcat.html
The main problem is that the files could have any name in any location and the name may say nothing about the contents. So, basically, you are looking for things that change in a non-temporary directory. When those are found they can be examined with file viewer software to see what the contents might be if they look anything suspicious.

Comment: I’m currently trying to get my 23 year old son out of jail because of this. 10 images were found on his computer that he didn’t know about. To top things off the officials in Florida are trying to justify paying for a new Federal Court House and they’ve charged him with federal crimes. His attorney wants to just “cut” a deal because federal prosecutors have 90% conviction rates. But he’s innocent and we are fighting hard to find someone in the legal system in Florida that is computer savvy enough to help. It was all because of p2p usage. Some experts theorize that the music industry is behind some of the trojan horses responsible for the child porn as payback for the music sharing.
Answers: Which game was your son trying to download? We also live in Florida, and agree with you wholeheartedly that the Law Enforcement Agencies are not as tech savvy as they need to be. Good luck to you and your son. If you are in Broward or a nearby county, try calling this atty. [Link removed - 404]