[Closed] Serious IT help needed!

Posts: 0
Free Member
 

knock em out.

Then on Monday phone in sick, claim stress with HR and take a good few weeks off, remembering to pop in and see your doc spouting off all sorts of anxiety symptoms.

Sounds about fair.


 
Posted : 03/04/2009 12:08 am
Posts: 19543
Free Member
 

Well the bottom line is that the system in your company is infected by malware. The IT people might deny it because they will be rather embarrassed for not updating the security system, so better to blame others by throwing in a bunch of IT jargon ... I doubt most IT admins are really that up-to-date with malware prevention. Normal AV is not enough.

🙄


 
Posted : 03/04/2009 12:16 am
Posts: 2
Free Member
 

I've mainly kept out of this because it would just add to the noise but as someone who enforces browsing policies and often carries out investigations such as those you're experiencing....

I have not, in over 10 years of working in the security field, come across a user who has dodgy images on their PC which can be explained through a virus. Not once (and the company I work at at the moment has over 20,000 employees). Which is why I ignore it as a reason for your problem. It is almost certainly the result of images being shared through some website or other whether it be mleh or something else.

Your IT team is certainly at fault for the major part though.

No up to date AV? They should be sacked.
They allow people to visit these sites (even by accident)? They should be sacked.

My advice from this point is to make it clear you have never intentionally downloaded any of the images found and can produce a list of all the sites you normally visit which while not being work related, can also not be considered in breach of your company policy. If these images were downloaded through those visits then take a slap on the wrist, offer to alter your browsing habits and keep your job.


 
Posted : 03/04/2009 12:21 am
Posts: 19543
Free Member
 

That website is apparently not on my list of banned websites with malware ... hhhhhhmmmm ... but then I only have 12283 banned sites on my Spyware (freeware) database. Oh well ... I am not going to visit the site just in case it tries to mess up my system.

😯


 
Posted : 03/04/2009 12:53 am
Posts: 0
Free Member
 

Sounds like you've got a virus or malware on your PC: http://digg.com/d14rWV - be glad you're not in the USA


 
Posted : 03/04/2009 7:57 am
Posts: 0
Free Member
 

Jeebus. It's no virus and there's no malware. It's an image hosting site. So, he saw some images from it - but NOT anything incredibly dodgy, it's just that [i]someone[/i] at his work decided to see what was on the site and found some nasty material. That's no "proof" that he was looking at those images.

I could link to an image on that site in this post and you'd never know.


 
Posted : 03/04/2009 8:03 am
Posts: 0
Free Member
 

That's ridiculous, that's like saying I've looked on flickr, and then his boss saying well someone else has taken some 'arty' shots you must be a perv...


 
Posted : 03/04/2009 8:14 am
Posts: 0
Free Member
 

stufield - Member

That's ridiculous, that's like saying I've looked on flickr, and then his boss saying well someone else has taken some 'arty' shots you must be a perv...

Correctomundo....


 
Posted : 03/04/2009 8:15 am
Posts: 621
Free Member
 

I assume your company uses a proxy for web access, in which case it will surely have recorded the exact files you accessed, not just the domain.

I'd be asking for the logs containing the exact paths accessed.

Bit late to be suggesting this, given the time of your meeting tho 😥

Good luck

Edit: something like this:
[code][root@dell ~]# tail /var/log/squid/access.log
1238745865.869 12 193.195.25.60 TCP_DENIED/407 2084 GET

- NONE/- text/html
1238745875.015 47 193.195.25.41 TCP_DENIED/407 1963 GET

- NONE/- text/html
1238745875.016 0 193.195.25.41 TCP_DENIED/407 2135 GET http://securityresponse.symantec.com/avcenter/threatcon.zip - NONE/- text/html
1238745875.061 44 193.195.25.41 TCP_CLIENT_REFRESH_MISS/200 3212 GET http://securityresponse.symantec.com/avcenter/threatcon.zip administrator DIRECT/88.221.26.26 application/zip
1238745965.182 0 193.195.25.60 TCP_DENIED/407 1927 GET http://www.singletrackworld.com/forum/edit.php? - NONE/- text/html
1238745965.290 97 193.195.25.60 TCP_DENIED/407 2099 GET http://www.singletrackworld.com/forum/edit.php? - NONE/- text/html
1238745966.510 38 193.195.25.60 TCP_DENIED/407 1879 GET http://vimeo.com/moogaloop.swf? - NONE/- text/html
1238745966.959 61 193.195.25.60 TCP_DENIED/407 2051 GET http://vimeo.com/moogaloop.swf? - NONE/- text/html
1238745967.047 6 193.195.25.60 TCP_DENIED/407 1912 GET ? - NONE/- text/html
1238745967.310 35 193.195.25.60 TCP_DENIED/407 2084 GET ? - NONE/- text/html
[/code]


 
Posted : 03/04/2009 9:04 am
Posts: 0
Free Member
 

Wonder how he got on


 
Posted : 03/04/2009 11:34 am
Posts: 451
Free Member
 

I was thinking the same


 
Posted : 03/04/2009 1:09 pm
Posts: 0
Free Member
 

Is no news good news?


 
Posted : 03/04/2009 1:21 pm
Posts: 451
Free Member
 

If he was at my place of work, they would probably just give him an informal warning and restrict his internet access to previously agreed sites.


 
Posted : 03/04/2009 1:35 pm
Posts: 2861
Full Member
Topic starter
 

So I'm back.

And no further forward.

They presented me the list (which I posted) and said 'IT say you have looked at all of this'. I say 'No I haven't'. They have the same list as me and that's it!

The dodgy images mentioned before were not in fact me but a member of staff who was told I'd been looking at something. She went on her PC and picked 3 files at random. So that's where that comes from.

I tried asking them how can 17 sites be accessed in 1 minute? 'You can open multiple windows' was the reply. I'm gobsmacked!

I asked them about their AV not being up to date and put it to them that could it be malware, a virus, adware, something else? They don't know? I then had to wait outside for an hour and a half while they got IT to check on things.
I go back in and I'm no further forward! They don't have any answers for me and I have none for them.

I'm then told to go home again, IT need more time and I've to go back on Monday at 11am.

This is making me extremely stressed now.

I met a friend who attempted to explain how IE (which is IE7 I'm told and will be out of date as IT don't update it and IE8 is now available) can have malware on it which will mean it can do things in the background and I would never know. I still don't really understand it but it sounds plausible.

On Monday I'm taking someone in with me to be a witness, I couldn't today as there are only 2 people in there I would trust both who were not in.

All I want to do is get back to work!


 
Posted : 03/04/2009 4:53 pm
Posts: 2861
Full Member
Topic starter
 

Oh, and the two people interviewing me know even less than I do about these things. So whatever IT tell them they will take as word.


 
Posted : 03/04/2009 4:54 pm
Posts: 14774
Free Member
 

Just ask them as many questions as you can that they can't answer that prove that they can't prove you actively sought the images. When they realise they can't prove anything (and they owe you that at least) they may back down.


 
Posted : 03/04/2009 4:56 pm
Posts: 2861
Full Member
Topic starter
 

...and another thing - I asked if there was any pattern to it, is there a site which seems to trigger it?

No, there isn't.


 
Posted : 03/04/2009 4:56 pm
Posts: 14
Free Member
 

sounds to me like they haven't got a clue.
your IT department are useless and so is your management team for listening to them without understanding what is going on.
tell them you want IT at the next meeting. i'd also advise getting legal advice.


 
Posted : 03/04/2009 5:07 pm
Posts: 2861
Full Member
Topic starter
 

I have no way of getting legal advice before Monday now though.

I agree that it sounds like they don't know what is going on either though.


 
Posted : 03/04/2009 5:10 pm
Posts: 0
Free Member
 

Forget the whole malware/IE7/AV thing, it's just clouding the issue.

The 17 sites in a minute thing is easy. I could put 17 links in this post, and when you browsed it, you'd actually be opening 17 sites.

Sounds like it's as I assumed. They have a list of sites and then someone in your IT section has just opened some images at random. That doesn't mean that [i]you[/i] were looking at those specific images.


 
Posted : 03/04/2009 5:16 pm
Posts: 0
Free Member
 

Well druid if you can do that why not start a thread somewhere, that no one else posts on that does exactly that. The Zed can take a clean pc at work browse that thread, and hey presto, point proven, no pawn looked at.


 
Posted : 03/04/2009 5:23 pm
Posts: 2861
Full Member
Topic starter
 

"Sounds like it's as I assumed. They have a list of sites and then someone in your IT section has just opened some images at random"

That is exactly what they did. They admitted that to me.


 
Posted : 03/04/2009 5:26 pm
Posts: 0
Free Member
 

Are you allowed representation in your meeting? If so, take someone who is very IT savvy if possible. Sounds like your management have no clue about what they are talking about. I work in the IT Security field myself and part of my job is designing content filtering setups for large multi-national and Government organisations that are designed to stop this kind of thing happening in the first place - so I understand the issues involved. Any clued-up Security guy can easily spot the difference between this sort of situation and actual inappropriate usage - you need to make sure that you get access to someone who understands what they are talking about...


 
Posted : 03/04/2009 5:33 pm
Posts: 2861
Full Member
Topic starter
 

The chap I'm bringing in knows more than I do.

When I asked them 'how can something like this get through?' they replied 'we can't stop all sites, we are adding to the list all the time. These sites will now be added'

I held my head in my hands at that point. There appears to be the bare minimum of security...


 
Posted : 03/04/2009 5:37 pm
Posts: 1048
Free Member
 

I'm at a loss for words. There is absolutely no need for them to be putting you through this. Your IT dept doesn't know their arse from a shotgun barrel.

I'm unemployed at the moment - would they like me to come and show them how the internet works?

All I can say is keep your chin up, and enjoy the time at home on their expense. Either way, as has been said before, get some form of representation, or ask for a third party to review the evidence.

P.S. I agree with druidh - ignore the malware issue, this is completely normal browser behaviour.


 
Posted : 03/04/2009 5:38 pm
Posts: 46084
Free Member
 

Zedsdead - where are you? If there is a local STWer who knows their beans on this, could they pop up on Monday at 11am?

I would also get in touch with a union if you can asap.

I would also be making a note of exactly what is said, what evidence is presented etc etc


 
Posted : 03/04/2009 5:52 pm
Posts: 0
Free Member
 

Zed - are you in a union? They should be able to help if you are. If you aren't tell your employers you are postponing the meeting until you can get some legal advice / representation. Suggest Tuesday and then spend Monday trying to get some proper legal help.

On a practical note, this single page is made up of content / links / analytics from at least 4 different domains - stw, vimeo, doubleclick and google analytics.
Guardian home page is about 8
Mleh Forum Page - well at least one of the links looks INTERESTING

[b][i]http: //dontclickthis.whatingods.name/1168702253-CatDefendsFoodFromDog.gif[/i][/b]
http: //farm4.static.flickr.com/3086/3196531617_922354d212_t.jpg

I've got a screen grab of the log - that is where your problems are - stumo's avatar hosting on Mleh.

Email me stw'at'mtbperthshire.co.uk if you need some direct help / explanation.


 
Posted : 03/04/2009 5:57 pm
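Added example (not part of any post in this thread): a sketch of the check suggested above, reading a Squid-style access log for exact paths and grouping each client's requests into bursts, so one page view that pulls content from several domains shows up as a single event. The log lines, hostnames, addresses and the 2-second gap are constructed assumptions, not data from the case discussed here.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout (not real traffic):
# time elapsed client action/status bytes method URL ident peer/host type
SAMPLE_LOG = """\
1238745965.100 40 10.0.0.5 TCP_DENIED/407 1927 GET http://forum.example.test/topic/123 - NONE/- text/html
1238745965.182 97 10.0.0.5 TCP_MISS/200 20480 GET http://forum.example.test/topic/123 zed DIRECT/192.0.2.10 text/html
1238745965.310 35 10.0.0.5 TCP_MISS/200 5120 GET http://img-host.example.test/avatars/cat.gif zed DIRECT/192.0.2.20 image/gif
1238745965.420 38 10.0.0.5 TCP_MISS/200 9000 GET http://video.example.test/player.swf zed DIRECT/192.0.2.30 application/x-shockwave-flash
1238745965.900 12 10.0.0.5 TCP_MISS/200 43 GET http://ads.example.test/pixel.gif zed DIRECT/192.0.2.40 image/gif
1238745967.047 6 10.0.0.5 TCP_DENIED/407 1912 GET
1238746030.500 50 10.0.0.5 TCP_MISS/200 15000 GET http://news.example.test/ zed DIRECT/192.0.2.50 text/html
"""

def parse_line(line):
    """Return (time, client, status, url), or None for a truncated line."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    try:
        return float(f[0]), f[2], int(f[3].split("/")[1]), f[6]
    except ValueError:
        return None

def summarise(client, group):
    urls = [r[3] for r in group]
    hosts = sorted({urlsplit(u).hostname or u for u in urls})
    return {"client": client, "start": group[0][0],
            "first_url": urls[0], "hosts": hosts, "urls": urls}

def bursts(log_text, gap=2.0):
    """Group each client's delivered requests into bursts split by > gap s."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # 407 is the proxy's own auth challenge: nothing was fetched.
        if rec and 200 <= rec[2] < 400:
            per_client[rec[1]].append(rec)
    out = []
    for client, recs in per_client.items():
        recs.sort()
        group = [recs[0]]
        for rec in recs[1:]:
            if rec[0] - group[-1][0] > gap:
                out.append(summarise(client, group))
                group = []
            group.append(rec)
        out.append(summarise(client, group))
    return out

if __name__ == "__main__":
    for b in bursts(SAMPLE_LOG):
        print(b["client"], b["start"], b["hosts"], *b["urls"], sep="\n  ")
```

On the sample, the first burst lists four hosts fetched within a second of one forum page, each with its full path; the first URL in a burst is the natural candidate for the page that was actually opened.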
Posts: 0
Free Member
 

Bit late tonight but do the Citizen's Advice Bureau work on Saturdays?

Doubt they'd be able to offer much if any more advice than people have here, but it's another angle...

Really hope you get this one sorted to YOUR satisfaction as it sounds as though you are having a shite time of it.

Julian


 
Posted : 03/04/2009 6:17 pm
Posts: 0
Free Member
 

Zedsdead - whereabouts are you based? IIRC it is central scotland somewhere is it not? surely one of the chaps on here who understands these things could help / go to the meeting with you?


 
Posted : 03/04/2009 6:25 pm
Posts: 0
Free Member
 

Zed - it's easy to explain what has happened.
Try not to worry - email me direct if you want something in writing.


 
Posted : 03/04/2009 6:30 pm
Posts: 2
Full Member
 

it's not unreasonable to ask for the meeting to be postponed so that you can take legal advice and arrange for someone to accompany you


 
Posted : 03/04/2009 6:32 pm
Posts: 2861
Full Member
Topic starter
 

Thanks everyone.

I'm just outside Glasgow, South Side. I'm not in a union as everywhere I've ever worked won't recognise them.

Right now I'm going to drink beer so I'll be in touch tomorrow.

Many thanks


 
Posted : 03/04/2009 9:49 pm
Posts: 451
Free Member
 

Start the meeting with do you mind if I record this. Placing recording device on the desk as you say it?


 
Posted : 03/04/2009 11:32 pm
Posts: 2
Free Member
 

If they do not have actual proof of you viewing specified images then they've got no leg to stand on.

Have they quarantined your PC? If not then it's all over. Hell, I'd be prepared to travel up to Glasgow just to see their faces as the detail is laid out to them.


 
Posted : 03/04/2009 11:55 pm
Posts: 19543
Free Member
 

The 17 sites in a minute thing is easy. I could put 17 links in this post, and when you browsed it, you'd actually be opening 17 sites.

160 websites is my record with my Firefox in one go as I was attempting to crash it but it didn't. D'oh! Took me ages to close them down later.

😯


 
Posted : 04/04/2009 12:30 am
Posts: 0
Free Member
 

I would be willing to offer support as well. I'm out of practice as a union rep and my knowledge of IT stuff like this could be written on the back of a stamp - but you have my e mail if you want my help


 
Posted : 04/04/2009 12:40 am
Posts: 2861
Full Member
Topic starter
 

" geoffj - Member

Zed - are you in a union? They should be able to help if you are. If you aren't tell your employers you are postponing the meeting until you can get some legal advice / representation. Suggest Tuesday and then spend Monday trying to get some proper legal help.

On a practical note, this single page is made up of content / links / analytics from at least 4 different domains - stw, vimeo, doubleclick and google analytics.
Guardian home page is about 8
Mleh Forum Page - well at least one of the links looks INTERESTING

http: //dontclickthis.whatingods.name/1168702253-CatDefendsFoodFromDog.gif
http: //farm4.static.flickr.com/3086/3196531617_922354d212_t.jpg

I've got a screen grab of the log - that is where your problems are - stumo's avatar hosting on Mleh.

Email me stw'at'mtbperthshire.co.uk if you need some direct help / explanation. "

You have no idea of the weight you have lifted off my heart geoffj, to me this explains what has been happening. It certainly looks like IT have no idea of what they are doing, they don't even seem to know how the internet works.

We're about to head out with the kids but I'll be in touch when I return this evening.

Many many thanks.


 
Posted : 04/04/2009 11:28 am
Posts: 0
Free Member
 

Yup, your IT people don't seem to understand basic concepts about how the WWW works! I guess they just looked at the URL for stumo's avatar in the web access logs, did some more digging at "dontclickthis.whatingodsname....", found dodgy stuff then put 2 and 2 together and got 85.


 
Posted : 04/04/2009 3:20 pm
Posts: 8671
Free Member
 

I didn't know they had internet access at Burger King 😉

--

Seriously though. You'll be OK for sure.


 
Posted : 04/04/2009 7:08 pm
Posts: 0
Free Member
 

Zed - I have a little compendium of explanation and screen grabs for you. Let me know your email address and I'll fire it through to you.

Geoff


 
Posted : 04/04/2009 8:27 pm
Posts: 2861
Full Member
Topic starter
 

Thanks Geoff,

I've just emailed you from my home address.


 
Posted : 04/04/2009 8:57 pm
Posts: 2861
Full Member
Topic starter
 

"Yup, your IT people don't seem to understand basic concepts about how the WWW works! I guess they just looked at the URL for stumo's avatar in the web access logs, did some more digging at "dontclickthis.whatingodsname....", found dodgy stuff then put 2 and 2 together and got 85. "

Thing is all they have is the basic address not a URL so the head of HR just picked out random files. The more I think about it the more shocked and disgusted I am at how they have treated me. I think I shall be looking for a new job with immediate effect...


 
Posted : 04/04/2009 9:00 pm
Posts: 0
Free Member
 

Zed - have mailed you back.


 
Posted : 04/04/2009 9:05 pm
Posts: 2861
Full Member
Topic starter
 

Geoff, that is brilliant! I've mailed you back.


 
Posted : 04/04/2009 9:26 pm
Posts: 0
Free Member
 

I haven't mailed either of you.


 
Posted : 04/04/2009 9:46 pm