• United States

More problems from infected e-mail

Aug 12, 20032 mins
Enterprise ApplicationsHackingMalware

* Trojan horses get two users into hot water

Two individuals in the U.K. were separately accused of storing child pornography on their computers, after which it was determined that a Trojan horse had placed the images on their hard drives without their knowledge.

This seems to continue a trend; a couple of weeks ago, I wrote about an Australian student who was convicted of storing images of child pornography on his computer even though he believed them to be images of a heavy metal band. Although he was given a suspended sentence, he now has a criminal record for doing nothing more than failing to check the content of attachments that someone had sent to him.

In the first U.K. case, a 39-year-old man from Reading, England, was accused of storing 14 images of child porn on his hard drive. Only when a computer consultant demonstrated that a Trojan horse had been responsible for the images did the court exonerate him.

In the second case, a 45-year-old man from southwest England was accused of storing 172 images of child porn on his computer. He spent more than three months in jail, his ex-wife was awarded custody of their daughter, and the courts gave his home to his ex-wife. Only when the court granted the individual funds to hire a computer consultant was the man able to prove that a Trojan horse was responsible for the images on his computer.

Both of these incidents, as well as that of the Australian student, should be enough motivation to make any computer user vigilant about keeping antivirus software up to date and to make them very careful about the attachments that they are willing to accept.

Further, corporate managers need to be vigilant about maintaining their antivirus, antispam, firewall, corporate policies and other defenses.

After all, what happens if a Trojan horse infects an innocent corporate user’s computer? As shown above, that user’s life might become a nightmare until he or she can be proven innocent. Plus, it is very likely that the user will file a lawsuit against his or her employer for not providing sufficient protection against the malicious code that caused the problem. Add to this the loss of reputation for all parties involved, and you have a very messy situation that is relatively easy and inexpensive to prevent with adequate defenses.