Millionaire 'carried out sexual assault on mother-of-two while his own CCTV system recorded attack'

By Chris Brooke
Last updated at 1:49 AM on 16th April 2009

A millionaire businessman was caught on his own CCTV system allegedly attempting to rape a terrified mother-of-two at his luxury mansion, a court heard.

David Atherton, 51, sexually assaulted the 49-year-old woman in his kitchen before threatening to drown her in his swimming pool, it was alleged.

She managed to escape semi-naked to her car, but he snatched the keys off her as she tried to drive away and the victim eventually raised the alarm by flagging down a passing motorist, Leeds Crown Court heard.

Atherton, who made a fortune selling his internet retail business, was a drug addict who was said to have carried out the attack in a 'drugged and or drunken state'.

James Goss, QC, prosecuting, said he had become 'paranoid' through his long-term cocaine addiction.

He believed there was a 'bent police' conspiracy against him involving the woman, with secret passages within the walls of his home and people filming him.

He had installed an intricate CCTV system at his recently renovated £1.5million home in Bolton, with cameras triggered by movement both inside and outside the property.

Images from these cameras allegedly showing the violent sex attack were shown to the jury.

Atherton denies attempted rape, two sex assaults, making threats to kill and false imprisonment.

Mr Goss said the defendant 'has been a successful businessman' and became 'very rich' as a result.

Atherton, who has a grown-up daughter from his former marriage, lived alone at the time of the incident on August 17 last year.

He knew the victim, who drove to his house at his request following a shopping trip. Once in the kitchen the woman was subjected to an unprovoked and violent sex attack in full view of one of his security cameras.

The court heard he 'forced her to the floor and ripped her jeans off' before sexually assaulting her.

Throughout the three-minute attack she was 'crying and telling him to get off'.

He also slapped and punched her and got her in a head-lock, the court heard.

The woman was wearing no underwear and was naked from the waist down when he then took her to the swimming pool.

Mr Goss said he told her he would 'take her to the pool to kill her' and told the woman to take her top off.

But she managed to break free and ran outside to her Range Rover with Atherton in pursuit. The CCTV camera outside showed how Atherton struggled at the car doorway for about 20 minutes, allegedly trying to stop her escaping.

During the tussle, the woman was 'screaming' at Atherton who 'kept throwing things out of the car'.

At one point, she reversed the vehicle with him 'hanging on.' Eventually he snatched the ignition key and went back in the house.

The woman put on a pair of pyjamas she had bought during her earlier shopping trip and ran down the driveway.

She was 'crying and distressed' and asked the first motorist who stopped to phone the police.

The woman was taken to hospital where she was found to have bruising to her jaw, a swollen and bruised neck and bruised thigh.

Police arrested Atherton in an apparently 'intoxicated state'. He was interviewed by police and handed in a statement in which he claimed the woman was a ' prostitute and drug dealer' who had a 'preference for rough sex and simulated rape'.

He said she had 'fully consented' to the incidents caught on camera, which were not sex attacks but a 'simulated sex session'.

In 2006 Atherton sold his business Dabs.com, selling computers and electronic equipment online, to BT for a reported £30 million.

http://www.dailymail.co.uk/news/article-1170271/Millionaire-carried-sexual-assault-mother-CCTV-recorded-attack.html?ITO=1490

Stealthy Rootkit Slides Further Under the Radar

By Jeremy Kirk, IDG News Service - Wed Apr 15, 2009 2:20PM EDT

Thousands of Web sites have been rigged to deliver a powerful piece of malicious software that many security products may be unprepared to handle.

The malicious software is a new variant of Mebroot, a program known as a "rootkit" for the stealthy way it hides deep in the Windows operating system, said Jacques Erasmus, director of research for the security company Prevx.

An earlier version of Mebroot, which is what Symantec named it, first appeared around December 2007 and used a well-known technique to stay hidden. It infects a computer's Master Boot Record (MBR). It's the first code a computer looks for when booting the operating system after the BIOS runs.

If the MBR is under a hacker's control, so is the entire computer and any data that's on it or transmitted via the Internet, Erasmus said.

Since Mebroot appeared, security vendors have refined their software to detect it. But the latest version uses much more sophisticated techniques to stay hidden, Erasmus said.

Mebroot inserts program hooks into various functions of the kernel, or the operating system's core code. Once Mebroot has taken hold, the malware then makes it appear that the MBR hasn't been tampered with.

"When something is trying to scan the MBR, it displays a perfectly good-looking MBR to any security software," Erasmus said.

Then, each time the computer is booted, Mebroot injects itself into a Windows process in memory, such as svc.host. Since it's in memory, it means that nothing is written to the hard disk, another evasive technique, Erasmus said.

Mebroot can then steal any information it likes and send it to a remote server via HTTP. Network analysis tools such as Wireshark won't notice the data leaking out since Mebroot hides the traffic, Erasmus said.

Prevx saw the new variant of Mebroot after one of the company's consumer customers became infected. It took analysts a few days to nail down exactly how Mebroot was managing to embed itself in the operating system. "I think everyone at the moment is working on modifying their [antimalware] engines to find it," Erasmus said.

And those companies need to act fast. Erasmus said it appears that thousands of Web sites have been hacked to deliver Mebroot to vulnerable computers that don't have the proper patches for their Web browsers.

The infection mechanism is known as a drive-by download. It occurs when a person visits a legitimate Web site that's been hacked. Once on the site, an invisible iframe is loaded with an exploit framework that begins testing to see if the browser has a vulnerability. If so, Mebroot is delivered, and a user notices nothing.

"It's pretty wild out there now," Erasmus said. "Everywhere you go, you have a chance to be infected."

It's unknown who wrote Mebroot, but it appears that one aim of the hackers is to simply infect as many computers as possible, Erasmus said.

Prevx has a self-named specialized security product that works alongside antivirus software to detect drive-by browser exploits, password stealers, rootkits and rogue antivirus software.

Prevx released the 3.0 version of its product on Wednesday. The software will detect malware infections for free, but users must upgrade to get the full removal functionality. However, Prevx 3.0 will remove some of the more evil malicious software, including Mebroot, as well as any advertising software, known as adware, free of charge, Erasmus said.

http://tech.yahoo.com/news/pcworld/20090415/tc_pcworld/stealthyrootkitslidesfurtherundertheradar