Advertisement
 

To print: Select File and then Print from your browser's menu

--------------------------------------------------------------
This story was printed from ZDNet Asia.
--------------------------------------------------------------
New worm sniffs out child porn
By Staff, CNET News.com
Wednesday, May 30 2001 07:14 AM
URL: http://www.zdnetasia.com/news/hardware/0,39042972,20082364,00.htm

An email worm that seeks out images of child pornography on PCs and alerts government agencies to positive findings has been released by British hackers intent on cleaning up the Internet.

The worm, dubbed "Noped," is an encrypted script using Microsoft's Visual Basic language. It arrives as an attachment to an email message entitled "FWD: Help us all to end illegal child porn now." Once executed, the virus searches all hard drives for JPEG graphics files possessing names that indicate they may contain child pornography.

see special report: Year of the Worm Noped comes bundled with a list of government and police e-mail addresses that it will send a random alert to if it discovers a match for one or more of the JPEG file names listed in the script. The attached file is named "END ILLEGAL child porn NOW.TXT...vbs," with a string of a dozen dots helping to obscure the fact that it ends with the executable ".vbs" extension and not ".txt." The worm also displays a lengthy document detailing what it claims are international laws concerning child pornography.

But Inspector Terry Jones of the Obscene Publications Unit in the Manchester, England, police department, has confirmed that British police will not be responding to the worm alerts, as the reports would fail to meet evidence standards. "This is not an approach that we would advocate, as child pornography is a delicate area to investigate, and we must have reasonable cause to suspect our evidence has been gathered ethically."

Antivirus software company Symantec ranked the virus as a "low" and said it expects to see less than a hundred infections reported. "The virus is currently not that wild--companies should have updated their virus definitions by now, so that if it spreads, they will be safe," said Andre Post, a researcher at Symantec.

Noped appears less malicious than the prolific Homepage worm that infected scores of companies earlier this month. Like Noped, Homepage was written in Visual Basic script. When launched, the Homepage attachment automatically forwarded the same email to all the people in a victim's address book, and simultaneously opened one of four pornographic Web pages on the person's computer.

Staff writer Wendy McAuliffe reported from London.