Letter to the editor: The strange case of Julie Amero

2007-03-01

Alex Shipp

MessageLabs, UK
Editor: Helen Martin

Abstract

'As things currently stand, anyone who has pornographic images appearing on their screen as a result of malware on their PC, or being trapped in a continuous pop-up loop, is at risk of conviction if there are minors in the vicinity.' Alex Shipp, MessageLabs.


In January I heard that a 40-year-old female substitute teacher, had been convicted in a US court on four counts of risking injury to minors.

The prosecution argued that Julie Amero had been surfing porn while in charge of a class of seventh-grade pupils. Julie maintained that the pornographic material kept appearing on the screen, and that whenever she tried to get rid of it, more would appear.

Reading about the case, it did not seem believable that a 40-year-old pregnant woman would spend the whole day surfing porn in front of a class of 12-year-olds. To me, the symptoms Julie described were the classic signs of a ‘pornado’ attack, so I started digging further.

I found many things that worried me.

The school’s investigation consisted of checking the browser history and firewall logs, and then firing her. There was no chance for Julie to tell her side of the story, and no help was given to her.

The police investigation consisted of running a program to see which sites were visited. There was no search for malware or spyware, no examination of the pages visited for Javascript, no attempt to piece together the sequence of events, and no analysis of the firewall logs to discern browsing patterns.

In court, several incorrect technical arguments were made by the prosecution, including the assertion that if a link is a different colour, then it must have been clicked on deliberately.

Some of the other arguments were highly technical, yet the process continues at such a speed that there is no time during the trial to pick up on inconsistencies.

In short, as things currently stand, anyone who has pornographic images appearing on their screen as a result of malware on their PC, or being trapped in a continuous pop-up loop, is at risk of conviction if there are minors in the vicinity.

Hopefully a lot of lessons will be learned from this case, and hopefully they will be learned in time to help Julie.

The next significant date in this case is sentencing, which is currently scheduled for 2 March – by the time you read this it may already have happened.

Alex Shipp, MessageLabs, UK

[Sentencing in Julie Amero's case has been postponed until 29 March 2007. More information and updates on the case can be found at http://julieamer.blogspot.com/ - Ed.]

If you have opinions to express or simply want to comment on the state of the industry - send your letters to: [email protected].

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest articles:

Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

Aditya Sood & Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited to compromise the C&C panel in order to gather threat intelligence, and present a model of mobile AppInjects.

Cryptojacking on the fly: TeamTNT using NVIDIA drivers to mine cryptocurrency

TeamTNT is known for attacking insecure and vulnerable Kubernetes deployments in order to infiltrate organizations’ dedicated environments and transform them into attack launchpads. In this article Aditya Sood presents a new module introduced by…

Collector-stealer: a Russian origin credential and information extractor

Collector-stealer, a piece of malware of Russian origin, is heavily used on the Internet to exfiltrate sensitive data from end-user systems and store it in its C&C panels. In this article, researchers Aditya K Sood and Rohit Chaturvedi present a 360…

Fighting Fire with Fire

In 1989, Joe Wells encountered his first virus: Jerusalem. He disassembled the virus, and from that moment onward, was intrigued by the properties of these small pieces of self-replicating code. Joe Wells was an expert on computer viruses, was partly…

Run your malicious VBA macros anywhere!

Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In this article he explains how he recompiled…


Bulletin Archive

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.