Saturday, September 4, 2010

Archive for March, 2009

A March 30, 2009 article by Bobbie Johnson states that a virus that has infected 10m computers leaves experts baffled.

It could be the biggest April Fool’s joke ever played on the internet, or it could be one of the worst days ever for computers connected to the network. Security experts can’t work out whether the Conficker virus – which has infected more than 10m Windows PCs worldwide – will wreak havoc on Wednesday, or just let the day pass quietly.

Experts have worked out that from midnight on 1 April, the Conficker program will start scanning thousands of websites for a new set of instructions telling it what to do next. The infected machines thus comprise one of the biggest “botnets” – a network of “robot” computers – in internet history. And if they were all given a target, such as simultaneously sending search queries to Google or trying to connect to a gambling site, they could knock it offline through the sheer volume of connections – a “denial of service”. Victims usually discover that they have been locked out of their computers or have very slow-running internet connections.

Botnets have been used in the past to generate millions of pieces of spam email and to blackmail gambling sites that need to stay online during sports events with the threat that they will be deluged by “denial of service” attacks.

Careful study of infected machines has revealed that from midnight on Wednesday they will seek new instructions from a randomly generated list of thousands of websites that changes every day. Just one needs to be under the virus writers’ control to turn Conficker into a newly configured botnet – making the task of catching the exact site a search for a needle in a computing haystack.

Experts admit that they have little idea of where Conficker might be headed next. “It’s a brave man who puts his neck out like that,” said Graham Cluley, an analyst with internet security company Sophos. “For what it’s worth, we have never seen earlier versions of the Conficker worm downloading a malicious payload.”


Company employees viewing porn: Have the rules changed?

Posted by admin on March 30, 2009

In a March 2nd, 2009 article, author Toni Bowers states that most Internet usage policies contain vague wording about the repercussions employees will face if caught surfing porn sites. But after a precedent-setting case in 2006, is this enough to cover your company’s bases in the event of a lawsuit?

If you asked most company executives and IT pros, you would find that they believe they take appropriate action when it comes to employees viewing porn on work computers. Most Internet usage policies contain wording that explains how those caught surfing porn sites are “subject to discipline, up to and including discharge.” That kind of policy seemed to have the bases covered until an appellate court overturned one case in 2006.

In the case of Jane Doe v. XYC Corporation (this generic form is how it appeared in court docs), an appellate court ruled that the employer had a duty to take prompt and effective action to prevent the employee from continuing to view child pornography.

Here’s the background: In 1999 and 2001, a man employed as an accountant by XYC Corporation came under fire when various other employees became aware that he was using his office computer to view pornography. This was reported to company executives who, upon reviewing his Web usage, promptly warned the employee to stop accessing pornographic sites. (One of the sites the employee had viewed several times involved child pornography.) Despite being warned a second time, the employee was caught accessing those sites again. No further disciplinary action was taken.

In 2001, this man was arrested for child pornography. Shortly before his arrest, the employee transmitted from his office computer three pornographic images of his 10-year-old stepdaughter to a child porn site in order to obtain access to it.

The child’s mother, now the employee’s ex-wife, sued the XYC company, asserting that its knowledge of the employee’s use of his office computer should have triggered an obligation to report such misconduct to the authorities. The company’s negligent failure to report such misconduct “caused, and rendered it liable for, the resulting injuries sustained by Employee’s stepdaughter.”

The appellate decision held that:

“An employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee’s activities and to take prompt and effective action to stop the unauthorized activity, lest it result in harm to innocent third-parties. No privacy interest of the employee stands in the way of this duty on the part of the employer.”

The court rejected the company’s argument that the employee’s right of privacy barred it from investigating his private e-mail communications.

I don’t think the ruling means a company will be held liable if anyone in their employment accesses a child porn site, and you’re not aware of it. It means that you’re held liable if you were AWARE of the conduct and didn’t report it to the authorities.
