Email worm attacks child porn
Published: 29 May 2001 16:18 BST
An email virus that seeks out images of child pornography on systems running Microsoft Windows and alerts government agencies to positive findings, has been released by hackers intent on cleaning up the Internet.
The worm dubbed "Noped", encrypted as Visual Basic Script (VBS) code, arrives as an attachment to an email entitled "FWD: Help us all to end illegal child porn now." Once executed, the virus searches all hard drives for JPEG files possessing names that indicate they may contain child pornography.
Noped comes bundled with a list of government and police email addresses that it will send a random alert to if it discovers a match for one or more of the JPEG file names listed in the script. The attached file is named "END ILLEGAL child porn NOW.TXT...vbs", with a string of a dozen dots helping to obscure the fact that it ends with the executable ".vbs" extension and not ".TXT". The worm also displays a lengthy document detailing what it claims are international laws concerning child pornography.
But police inspector Terry Jones, of Manchester Police's Obscene Publications Unit, has confirmed that British police departments will not be responding to the worm alerts, as the reports would fail to meet evidence standards. "This is not an approach that we would advocate, as child pornography is a delicate area to investigate, and we must have reasonable cause to suspect our evidence has been gathered ethically."
Antivirus company Symantec is reporting that the virus only offers a level two threat, and that it expects to see less than a hundred infections reported. "The virus is currently not that wild -- companies should have updated their virus definitions by now, so that if it spreads, they will be safe," said Andre Post, researcher at Symantec.
Noped appears less malicious than the prolific Homepage worm that infected scores of companies earlier this month. Like Noped, Homepage was written in Visual Basic script. When launched, the Homepage attachment automatically forwarded the same email to all the people in a victim's address book, and simultaneously opened one of four pornographic Web pages on the person's computer.
Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.
See also: ZDNet UK's Net Crime News Section.
Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet news forum.
Let the editors know what you think in the Mailroom. And read other letters.
Did you find this article useful?
24 out of 46 people found this useful
- Share this article:
