Another IT Manager here…

Well it wouldn’t be the first time. A few months ago a couple of people in the office got viruses via facebook. ‘I found a video of you’ or something? They took them away to fix but still didn’t update the offices software.

If they’re this lax then you could have all sort of viruses, etc running on your system/computer/etc – They’d be on very shaky grounds if they tried to fire you for something like this when they can’t prove it isn’t a virus. I’d suggest collecting any evidence you can about poor IT practices just in case to back you up.

Remember, most people are scared of IT and will not want to take the risk of firing you if they feel that they could be challenged in court and this would seem to put you in good stead even if in the worst case it means that you get an official warning (though if it was me I’d even be challenging that)

IanMunro:

Dead polar bear pron?

Niche-tastic.

Zedsdead – I would point out your good character in your meeting with HR, as a Scout leader I know how important CRB checks are! Also, as been said before its their responsibility to prove it was you and not a virus. I sense that they want to find a scapegoat.

Sorry to hear you’re having a hard time with this, it sounds like an awful situation to be in. As an IT system admin I can let you know that if I had admin access (like most of your IT staff do) over your PC then I could connect to your PC from another PC without you knowing and deposit files in your folders and then clear the event log of most of the evidence that i had connected. Someone would have to be pretty strange to do this type of thing. Are you using a laptop? if bluetooth was turned on someone might have bluejacked your laptop and be using it illegally. Alternatively is you use wireless or have a wireless network in your office then someone could have connected to that and hacked your PC. Most of the time companies will no change the wireless network key when an employee leaves the company, they should. He could sit outside the office with a laptop and connect to the work network and do some damage.

I suppose they’d need to provide evidence of times and dates of when these sites were visted, it strikes me as strange that your work actually allow these types of sites to be viewed at all!! Most places have the internet locked down so you can’t even get onto facebook!.

I hope this clears up for you.

Zedsdead,

Basically your PC is infected / hijacked / hacked by malwares as simple as that.

What it does is to high behind your system to download or to use your company site as “storage”, bandwidth etc …

I suggest not to use your PC for sensitive work as it could even be stealing information.

Your company’s IT security must be asleep to let the system get infected and to turn into Zombies …

You are NOT to be blamed as anyone can get infected by “drive-by-infection” simply by searching / googling for information. Most company still use stupid IE brower …

If your company is using IE browser then that is lame …. tell them to start using Firefox with NoScript extension as bare minimum.

The people to be blamed are the IT people for poorly maintaining the IT security.

If they are trying to blame it on you then get some IT security experts to act as independent investigators to find out where the system breach started in the first place.

FFS! Your IT people should have a list of updated sites IP addresses that are permanently blocked.

Thanks everyone, this is helping me a lot. I’ve never been in such a stressful situation!

There is some form of filtering software as nobody can access the likes of facebook etc. I’m using a desktop machine, our network is a Novell server and that’s about as far as my knowledge of it all goes. And yes, they use Internet Explorer.

This morning I was wondering (I have a lot of time to think just now) if someone could be putting something on my machine? But then I find that pretty weird behaviour for someone?

I also find it weird that a site like that could be accessed at all at any work place. Having never seen it until I got home, it’s not something I have any interest in.

It’s most weird that your firm is in one respect taking this seriously (they’ve sent you home) and in another respect don’t seem to know their asses from their elbows (havent provided any “real” evidence that you did this). Sounds like a dodgy company, with an even dodgier IT infrastructure and a really crap HR dept. Good luck, dont let it get you down. Truth will prevail, if it doesnt then a tribunal will see sense. Just make sure you keep posting updates, there are loads of IT folk on here who have vastly more knowledge than the cowboys at your work.

I will indeed keep you posted.

The knowledge on here is a great help as my knowledge on this is pretty much nil.

I’m about to get in touch with a colleague who a good while ago was having various problems with his PC. Programms would crash all the time etc. I’m seem to recall that IT tried running spybot – nothing found and problems persisted. They tried something else and it got worse. In the end I think they just took it away and formatted the machine and then returned it?

Cheers

If your company is using IE browser then that is lame …. tell them to start using Firefox with NoScript extension as bare minimum.

That would go down like a lead-balloon at my place. I doubt IT would appreciate the ‘advice’ from somebody who has admitted that they don’t understand this stuff. Strangely my employer runs IE just fine (although I choose not to at home)

I get this alot, “IE is crap” “dont use it” etc

IE is the only browser that can be centrally managed and updated in corporate environments. The hundreds of config and security settings can be controlled by group policies very quickly and easily. And how would a corporate cope with patch management if they used Firefox?

Bottom line, IE is the only candidtate for big firms who take control and security seriously.

Do I use ie at home, no, would I consider using non-ie browsers at my firm, no

Get your collegue to check Help and About in IE, get the whole version number. This should be something line 7.0.5730.11 and will tell you how up to date the security updates in IE are. Also, what brand Anti Virus are you running, and when was it last updated? If you can get your collegue to check Windows Update on ANY PC in the office this would be a good gauge to see how patched the PC’s are too. I suspect everything is out of date and vulnerable to attack.

I get this alot, “IE is crap” “dont use it” etc

IE is the only browser that can be centrally managed and updated in corporate environments. The hundreds of config and security settings can be controlled by group policies very quickly and easily. And how would a corporate cope with patch management if they used Firefox?
That’s all very true, and here (5000+ users) we use IE. BUT, in this case, the IT dept seem not to have much of a clue and any form of centralised management is beyond them. Centralised management is the only reason to use IE, otherwise it’s slow, unreliable, insecure bloatware that I wouldn’t dream of using on my home machine (which is Linux, so it’s a moot point anyway).

Totally agree, they seem too lax in their approach to IT to then be bothered enough to send the guy home. Very strange

as TandemJeremy hasn’t popped ‘in’ I’ll say it….’can you join a union’ / get some professional advice (not us lot!)- especially if your employer might use this to reduce their head-count.
May I suggest another post e.g. ‘Employment Law Help Required’ as you might attract a different crowd to your post.

I have an update – I shall post it later when I get the chance.

Right, I have some form of report through the post now. The letter states ‘you viewed sites showing pornographic and grotesque images such as; dontclickthis.whatingods.name & meatrolled’

Now, I know this is not the case. The meatrolled is a new one to me too.

They have given me a list which is some sort of log and goes like this:

04/03/2009 12:21 dontclickthis.whatingods.name (then IP address) my name, my office, file size

The list continues, in the space of one minute there is:

mlehworld.com (yes, I use this)
ww.scotroutes.com (never heard of)
images.fotopic.net (I know what this site is)
ww.comedy-zone.net (never heard of)
i41.tinypic.com (never heard of)
ww.meatrolled.com (never heard of)
ww.infoslash.net (never heard of)
ww.infoslash.net (it’s on twice)
files.adbrite.com (never heard of)
ads.grx.adbrite.com (never heard of)
ads.adbrite.com (never heard of)
graphics.pop6.com (never heard of)
banners.adultfriendfinder.com (never heard of)
ww.meatrolled.com (never heard of)
graphics.adultfriendfinder.com (never heard of)
ww.meatrolled.com (again)
ww.meatrolled.com (again)

Then 2 minutes later it’s hotmail, which I have an account with.

I’ve looked at 17 sites in one minute! What on earth is going on here? I use Mlehworld both at work and at home, never had a problem. What I don’t understand is that everyone of the other sites I have no idea of? This is all I have from them.

I’m now finding it all very bizzarre, I still don’t have a clue what’s going on and from looking through the list they have given me I know for sure that I have not seen, been or done any of this!

Can anyone shed some light on this for me please?

Many thanks

Please note – I have edited the www so that they don’t link. I haven’t looked at any of them and don’t intend to. I don’t want anyone here clicking them.

I am not too up on the technicalities but I think certain files and links are opened when you visit certain sites (it could be from Mlehworld but not sure). I am pretty sure that the ‘ads.adbrite.com’ is an advert on a page like the ones at the top of this page.

Someone will no doubt be along shortly to confirm/ridicule me!

That is a list of requests made from your browser – doesn’t mean that you made them.

When you load up a page, if there are links to other sites for in-line images, ads etc. the browser makes them without your intervention. That is what that list looks like. If they are allowing scripts through the firewall, then it’s even worse.

I would second the suggestion of getting a union rep involved if you can. That evidence needs to be reviewed carefully.

Ok – I’ve just had a look.

Those dontclickthis domains are where some users on mlehworld forums are hosting their avatars.

So basically, when you go into a forum topic, your browser requests all the users avatars and the inline pics – hence all the weird and wonderful domains.

*Edited to remove the scotsroute bit*

Someone’s hopped onto your PC whilst you turned your back

or

You machine has unknown malicious software installed

or

You did this yourself

or

They’ve falsified the logs

You never clarified the points regarding your firm’s patch management, or the anti virus, or the how strict your password policy is?? This would be useful if you want anymore advice mate 😕

Agree with the last poster, no harm in doing another post headed Empolyment Law Advice etc

what shakey said. It sounds like a load of hooey to me – I’m not sure your IT department know what they’re doing.

It looks there’s been a host of pop-up windows opened linking through a lot of the above sites. Does their url list show clicks through a particular site?

There’s nothing you can do if an ‘innocent’ (ie. mlehworld) webpage opens a popup (via an advert or scripting) to abadpornsite.comy – you’re going to get stuck with that url on your log. This could be done via malware or viruses. HOWEVER – if you clicked through some of the content this would be obvious – ie. you’re on badpornsite.com/index.html and click a link to > badpornsite.com/grannysubsection.html then they’d have a case to argue.

Just my 2p’s worth. I can’t believe that they’re continuing with this on this basis. ..

If it’s going to that many sites that quickly, I’d suspect some sort of Adware or malware.

I’d be asking how your name is linked to those sites and get them to prove it

Also you must take someone else in with you to the ‘interview’. Record the interview as well

I don’t think it’s from Mlehworld as I use it at home too and have never seen any of these sites listed.

I just checked by going to it there, Mleh has no adverts at all on their site.
I’m even more confused?…

doesn’t have to be from mlehworld – could be from a dodgy spam email via hotmail.

have people been hosting dodgy images on mlehworld? When you have opened a forum thread, the images may have been embedded by a forum poster and your browser will have nipped off to the dodgy site toi collect them.

I think that will be a big part of your problem, you’re visiting a largely unpoliced forum using your work computer.

“Ok – I’ve just had a look.

Those dontclickthis domains are where some users on mlehworld forums are hosting their avatars.

So basically, when you go into a forum topic, your browser requests all the users avatars and the inline pics – hence all the weird and wonderful domains. “

Okay, this makes some sense to me now.

I’ll find out about their antivirus software and repost…

So in the interests of investigation i logged into them all, well all that aren’t pop-up and adware managers.

The only one of any significance is meatrolled.com, which is an interesting one. It locks you out, sings round and around at the top of its voice and shows a nice picture of some bird getting it. Ie advertises to all an sundry in your office that you are watching porn. It won’t let you close the window with the normal tabs, and the only option is to give it the 3 finger salute or turn off.

The site solely exists to send your mates to to get them into trouble at work. very funny, but not somewhere you would go unless sent. Unless someone was trying to screw you over.

At a guess I would say, you do indeed have a virus, trojan etc, or have been hijacked.

Best thing to do would be to ask for another computer and to have work ‘test’ yours by going to the sites that you normally visit and see what ‘appears’ as this takes place.

Or they could just be trying to **** you…

Either way you need union/legal advice from outside the company.

Zedsdead – When using Mlehworld you won’t see/know whats happening, the links are just open in the background.

When you are interviewed by HR the honesty is your best approach but as been mentioned take a witness and get it recorded.

Seems like your IT dept are good at recording this kind of activity but not at preventing it!

udging by the number of ads.xxx and imnages.xxx I’d hazard a guess that mlehworld.com is hosting adverts that are links to the advertised site.
Specifically, i’d look at adultfrienfinder as your problem. I’ve seen it before and it’s a sex-related site advertised using pictures of naked or near-naked women, no more offensive than say, page 3 of The Sun, but what with breasts and nipples being on display that may be enough to trigger an “obscenity” alert for someone. And, as it’s a site that let’s you sign up to meet “singles for sex in your area”, the context may be your problem.
At home, I would check mlehworld, look at the adverts, are there any iffy ones, if so follow the links to be aware of the context of the adverts so you can at least know what their problem is. Also, if the site id advertising dodgy adult material, then it probably is a dodby site and those files you downloaded were done by the site, not you. your IT people should be aware of this, and you should point this out to you manager/HR people.
Standard practice (for me anyway)was always to havea look at anything suspect and try to place it in a context, but I’ve also assumed that most people are not so think they would download porn at work so there’s a reason why this is happeneing – check it out before assumming the worst.

All the best with it.

Seems like your IT dept are good at recording this kind of activity but not at preventing it!

That’s for sure.

That list is also only for top level domains – if they have the complete url that was used at that time e.g. http://mlehworld.com/forum/viewtopic.php?t=xxxxx just entering that into a browser will show them how the images were loaded.

..and another thing WTF are they doing letting you use Hotmail at work? Mail should come through the business mail server and be scanned for viruses on arrival. Opening your systems up to Hotmail (or any external webmail) is competely amateur. Do they not know ho viruses spread?

Well you’d be hard pushed to spread a virus from hotmail unless your internal IT team doesn’t keep the AV software up to date or you were allowed to download the email to your PC but again, AV usually sorts that out.

MSN Messenger is far more invasive.

..if someone sends you a file and you open said file, where do any macros or programs execute? AV will sort that out as long as a -it’s up to date, which given by what I’ve read so far, I’d doubt, and b – the AV software recognises the virus, which isn’t always the case, and as IT in this case seems to be of the cheapo variety, the AV software may not be the best.

If I wanted to spread a virus, hotmail is one place I’d start.

Zedsdead – could be mleh avatars though. While mleh has no adverts or popups or any of that kind of trash, ppl like forky have all kinds of stuff as avatars from all kinds of places …

Do you use worksafe at work? If not you should. I do. Under ‘profile’. Only the full hilarity can be unfolded at home.

oh and never never click the pictures of cute fluffy bunnies i post.

tard.

Zedsdead – Member

The list continues, in the space of one minute there is:

mlehworld.com (yes, I use this)
http://www.scotroutes.com (never heard of)

Scotroutes.com is my domain. If you’ve been browsing mlehworld and are using a profile which shows avatars, it’s likely you’ve been linked to one of mine.

torsoinalake – Member

*Edited to remove the scotsroute bit*

Give me a clue?

I should also re-iterate – there are no ads on mlehworld, so none of those urls are linked to it – neither is adultfriendfinder. As for the other “dodgy” images you’ve talked about, it sould like someone has seen the site list and then randomly browsed the dontclickthis domain. That doesn’t mean you saw any of the dodgy images. Ask for the full URL, and get them to check the cache on your machine – any browsed images will likely still be in there too.

Thanks, on my work PC some avatars are little red X’s. I know wwe can’t get Flickr etc so I figure this is why?

re: the dodgy images, funnily enough a mate said the same thing, he reckons they’ve just clicked on a few. They’re pretty random things!

I don’t know the full url – they didn’t give me it. I don’t think they have it either. However I know I haven’t looked at or seen anything like that so I know I can back that up if I get on my pc and look at the history. I also sit right next to a couple of people so they would also have seen it.

Here’s another thing,

I start around 7am everyday. I know we aren’t to abuse the use of internet (ie; use it too much) so I don’t. I only use it at lunch time. So if I really wanted to abuse my pc at work why would I wait until lunchtime in an open plan office? It would be better for me to do it in the morning surely as no one else starts until 9.

This is driving me mad. It’s making me pretty angry too….

Oh yeah, our software is ‘virus scan enterprise’ It hasn’t updated since some time last year.
Everyone always gets the message on their PC that it’s out of date. But it doesn’t connect to update etc. Hasn’t for months…

Zedsdead – Member

Thanks, on my work PC some avatars are little red X’s. I know wwe can’t get Flickr etc so I figure this is why?

re: the dodgy images, funnily enough a mate said the same thing, he reckons they’ve just clicked on a few. They’re pretty random things!

I don’t know the full url – they didn’t give me it. I don’t think they have it either.

Perfect. Tell them to go take a hike. Just because there’s some dodgy images on a site, that doesn’t mean you’ve actually looked at them FFS.

PS – do you have a mleh login? If so, you should set your profile to “worksafe”

Your firm should be focusing on their shitty IT not the end-users. Do you mean your AV software is McAfee VirusScan Enterprise? I think you’re being used a a scapegoat mate, better get some employment-law advice. If you can get the full internet explorer browser version like I said yesterday, I’ll be able to confirm that the browser is unpatched, which if your AV is out of date means there will be any number of malware/viruses etc on your PC. Get a collegue to check Windows Update on another PC to see what High Priority Update/Critical Updates are outastanding. I think that ultimately in this situation the best form of defence is attack, get all the facts outlining their lax security and be very clear that this wasnt your doing and you will take this as far as you need to legally.