Lawyer representing whistle blowers finds malware on drive supplied by cops

An Arkansas lawyer representing current and former police officers in a contentious whistle-blower lawsuit is crying foul after finding three distinct pieces of malware on an external hard drive supplied by police department officials.

The hard drive was provided last year by the Fort Smith Police Department to North Little Rock attorney Matt Campbell in response to a discovery demand filed in the case. Campbell is representing three current or former police officers in a court action, which was filed under Arkansas' Whistle-Blower Act. The lawsuit alleges former Fort Smith police officer Don Paul Bales and two other plaintiffs were illegally investigated after reporting wrongful termination and overtime pay practices in the department.

According to court documents filed last week in the case, Campbell provided police officials with an external hard drive for them to load with e-mail and other data responding to his discovery request. When he got it back, he found something he didn't request. In a subfolder titled D:\Bales Court Order, a computer security consultant for Campbell allegedly found three well-known trojans, including:

Win32:Zbot-AVH[Trj], a password logger and backdoor
NSIS ownloader-CC[Trj], a program that connects to attacker-controlled servers and downloads and installs additional programs, and
Two instances of Win32Cycbot-NF[Trj], a backdoor

All three trojans are usually easily detected by antivirus software. In an affidavit filed in the whistle-blower case, Campbell's security consultant said it's unlikely the files were copied to the hard drive by accident, given claims by Fort Smith police that department systems ran real-time AV protection.

http://arstechnica.com/security/2015/04/lawyer-representing-whistle-blowers-finds-malware-on-drive-supplied-by-cops/