Parents shocked by priestly PowerPoint pr0n

'No crime committed' says church


Parents in Northern Ireland were shocked when a priest's PowerPoint presentation in preparation for their children's First Holy Communion displayed gay pornography.

Father Martin McVeigh, the local Catholic priest, was giving the presentation to parents (and one child) at St Mary's School in Pomeroy when he inserted a USB stick into his computer. Images of men in various states of undress were then displayed via the school projector (16 in all, suggesting that someone wasn't too shocked to count) before McVeigh realized what was wrong.

"He was visibly shaken and flustered," parents told the BBC. "He gave no explanation or apology to the group and bolted out of the room. The co-ordinator and the teachers then continued with the presentation. Twenty minutes later he returned, he continued with the meeting and wrapped up by saying that the children get lots of money for their Holy Communion and should consider giving some of it to the church."

First Holy Communion is an important event for Catholics, during which children first partake in the ritual of transubstantiation, in which the church's collection of wafers and wine is transformed into the actual body and blood of Jesus Christ – at which point communicants eat the body bits, but not always have the opportunity to imbibe the fermented, grape-based blood.

Certainly there's nothing in the Catholic ceremony requiring the introduction of gay pornography, and it could be argued that McVeigh had inadvertently launched a presentation centered on the sin of Onan, who spilled his seed rather than obeying the law and impregnating his sister-in-law. (God was not amused.)

"Inappropriate imagery was inadvertently shown by a priest at the beginning of a PowerPoint presentation, causing concern to those present," said Cardinal Brady, the head of the Catholic Church in Ireland, in a statement. "The priest has stated that he had no knowledge of the offending imagery. The archdiocese immediately sought the advice of the PSNI who indicated that, on the basis of the evidence available, no crime had been committed. The priest is co-operating with an investigation of the matter on the part of the archdiocese."

Before people rush to judge Father McVeigh, however, it's not clear if the offending images were manually stored on the USB stick and appeared due to AutoRun, or if this was a pop-up window caused by malware. The latter is still very common, usually picked up at websites unrelated to those subjects it advertises, and often over-reacted to, as the tragic case of former US teacher Julie Amero demonstrates.

In 2004 Ms. Amero was a school teacher in Connecticut giving a presentation to ten of her pupils when pop-up windows began displaying porn on her computer. She was suspended and then convicted three years later on four counts of risk of injury to a minor – charges that could carry up to 40 years in prison.

Luckily for Ms. Amero, some members of the computer-security industry decided to take up her case, and found that the school-issued PC was a Windows 98 SE machine with IE 5 and an expired antivirus subscription, and she had picked up porn-producing malware from visiting a website discussing hairstyles.

The judge ordered a retrial and Ms. Amero escaped with a $100 fine. She still lost her teaching license, however. ®

Similar topics


Other stories you might like

  • Emotet malware gang re-emerges with Chrome-based credit card heistware
    Crimeware groups are re-inventing themselves

    The criminals behind the Emotet botnet – which rose to fame as a banking trojan before evolving into spamming and malware delivery – are now using it to target credit card information stored in the Chrome web browser.

    Once the data – including the user's name, the card's numbers and expiration information – is exfiltrated, the malware will send it to command-and-control (C2) servers that are different than the one that the card stealer module uses, according to researchers with cybersecurity vendor Proofpoint's Threat Insight team.

    The new card information module is the latest illustration of Emotet's Lazarus-like return. It's been more than a year since Europol and law enforcement from countries including the United States, the UK and Ukraine tore down the Emotet actors' infrastructure in January 2021 and – they hoped – put the malware threat to rest.

    Continue reading
  • Symbiote Linux malware spotted – and infections are 'very hard to detect'
    Performing live forensics on hijacked machine may not turn anything up, warn researchers

    Intezer security researcher Joakim Kennedy and the BlackBerry Threat Research and Intelligence Team have analyzed an unusual piece of Linux malware they say is unlike most seen before - it isn't a standalone executable file.

    Dubbed Symbiote, the badware instead hijacks the environment variable (LD_PRELOAD) the dynamic linker uses to load a shared object library and soon infects every single running process.

    The Intezer/BlackBerry team discovered Symbiote in November 2021, and said it appeared to have been written to target financial institutions in Latin America. Analysis of the Symbiote malware and its behavior suggest it may have been developed in Brazil. 

    Continue reading
  • HelloXD ransomware bulked up with better encryption, nastier payload
    Russian-based group doubles the extortion by exfiltrating the corporate data before encrypting it.

    Windows and Linux systems are coming under attack by new variants of the HelloXD ransomware that includes stronger encryption, improved obfuscation and an additional payload that enables threat groups to modify compromised systems, exfiltrate files and execute commands.

    The new capabilities make the ransomware, first detected in November 2021 - and the developer behind it even more dangerous - according to researchers with Palo Alto Networks' Unit 42 threat intelligence group. Unit 42 said the HelloXD ransomware family is in its initial stages but it's working to track down the author.

    "While the ransomware functionality is nothing new, during our research, following the lines, we found out the ransomware is most likely developed by a threat actor named x4k," the researchers wrote in a blog post.

    Continue reading
  • Symantec: More malware operators moving in to exploit Follina
    Meanwhile Microsoft still hasn't patched the fatal flaw

    While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.

    Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.

    In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

    Continue reading
  • Clipminer rakes in $1.7m in crypto hijacking scam
    Crooks divert transactions to own wallets while running mining on the side

    A crew using malware that performs cryptomining and clipboard-hacking operations have made off with at least $1.7 million in stolen cryptocurrency.

    The malware, dubbed Trojan.Clipminer, leverages the compute power of compromised systems to mine for cryptocurrency as well as identify crypto-wallet addresses in clipboard text and replace it to redirect transactions, according to researchers with Symantec's Threat Intelligence Team.

    The first samples of the Windows malware appeared in January 2021 and began to accelerate in their spread the following month, the Symantec researchers wrote in a blog post this week. They also observed that there are several design similarities between Clipminer and KryptoCibule – another cryptomining trojan that, a few months before Clipminer hit the scene, was detected and written about by ESET analysts.

    Continue reading
  • Chinese-sponsored gang Gallium upgrades to sneaky PingPull RAT
    Broadens targets from telecoms to finance and government orgs

    The Gallium group, believed to be a Chinese state-sponsored team, is going on the warpath with an upgraded remote access trojan (RAT) that threat hunters say is difficult to detect.

    The deployment of this "PingPull" RAT comes as the gang is broadening the types of organizations in its sights from telecommunications companies to financial services firms and government entities across Asia, Southeast Asia, Europe and Africa, according to researchers with Palo Alto Networks' Unit 42 threat intelligence group.

    The backdoor, once in a compromised system, comes in three variants, each of which can communicate with the command-and-control (C2) system in one of three protocols: ICMP, HTTPS and raw TCP. All three PingPull variants have the same functionality, but each creates a custom string of code that it sends to the C2 server, which will use the unique string to identify the compromised system.

    Continue reading
  • Chinese 'Aoqin Dragon' gang runs undetected ten-year espionage spree
    Researcher spots it targeting Asian government and telco targets, probably with Beijing's approval

    Threat researcher Joey Chen of Sentinel Labs says he's spotted a decade worth of cyber attacks he's happy to attribute to a single Chinese gang.

    Chen has named the group Aoqin Dragon, says its goal is espionage, and that it prefers targets in Australia, Cambodia, Hong Kong, Singapore, and Vietnam.

    The gang is fond of attacks that start by inducing users to open poisoned Word documents that install a backdoor – often a threat named Mongall or a modified version of the open source Heyoka project.

    Continue reading

Biting the hand that feeds IT © 1998–2022