Re: New Worm Takes On Kiddie Porn.htm

As a parent of two small children , I must say that I am a little bit appalled by this e--mail.    If this was sent  to say WoW there is a new way to catch these sickos then fine.  But if you are warning  others about this e-mail (if it is real) then do it privately.  I for one don't want to read it.

Concerned

>>> "Roger Swalley" <res@colfax.com> 05/28 9:14 AM >>>
New Worm Takes On Kiddie Porn
     Lycos Home  |  Site Map  |  My Lycos    
     
     
     
      
     

      LOOK FOR     Wired News Wired Magazine HotBot   
     

         Print this   +   E-mail it  +   Set E-mail Alerts  




           New Worm Takes On Kiddie Porn 
            By Michelle Delio 

            10:05 a.m. May 25, 2001 PDT  
          
           A new e-mail worm that's just beginning to wiggle its way across the Internet scours infected computers for image files containing child pornography, and alerts government agencies if any suspicious files are discovered. 

            The alert e-mail contains an attached copy of one of the files that allegedly contain child pornography discovered during the worm's search of infected hard drives, and also identifies the porn possessor's e-mail address. 



           
           Get Wired News delivered to your inbox or hand-held device. 
                              Get The
                              Wired News Toolbar. It's so free we're giving it away. 
                       

                       

                  
                 
           
     
                 
                  T E C H N O L O G Y 
                  Sponsored by Ericsson phones and accessories. 
                  
                    Today's Headlines 
                  2:00 a.m. May 28, 2001 PDT   
                    
                  Dust Keeping the Lights Off

                  New Worm Takes On Kiddie Porn

                  Jobless Texans: Remember the Adea

                  Download the Blues, and More

                  Viruses? Feh! Fear the Trojan

                  Why's My Baby Wearing Her Genes?

                  Betcha Can't Diagnose Just One

                  U.S. Wooing Student Hackers

                  A Double Helix With Mars Rising

                  Defending the High Cost of Drugs

                  Nanotech Looms Large for Meds

                  Rethinking Music Security

                  Tech Confab Sheds Little Light

                  At Apple, X Is Jobs' One


                 
            
                 
                 
            See also: 
            So Many Worms, So Little Info 
            New Worm a Marketing Ploy? 
            Infostructure strengthens your backbone 
            Read more Technology news 
                 
                 
                 

            It's hard not to see the "Noped" worm as a sort of illegal social service, said Andrew Antipass, of the British security firm TechServ. 

            But Antipass is not necessarily convinced that the worm is able to reliably identify porn, and worries that the government may be inundated with false alerts. 

            "Noped is programmed to look for a list of files that contain offensive images which are available at certain websites and Usenet newsgroups," he said. "But if your image files happen to have been named with the same names as the porn files, the worm will identify you as possessing child pornography. 

            "It's not a sophisticated worm, although it's a bit brighter than most. But it's simply looking for specific names of files, not analyzing the files contents," Antipass said. 

            Vigilinx, a security assessment firm, said in a statement that the specific criteria Noped uses to identify the .jpg and .jpeg files as child pornography is not yet known. 

            But if the criteria used are similar to those employed by most search mechanisms, Noped identifies files based on specific keywords or phrases. This could result in the identification of many files on individual and organization systems that do not relate to child pornography in any way, according to Vigilinx's statement. 

            Vigilinx's statement also noted that, regardless of the worm developers' motivations, Noped is not really a good thing. 

            It illegally penetrates a computer system, violates a users privacy by creating a list of files on the system, and is "likely to cause mass mailing system problems" if the worm begins to circulate widely and clogs servers with increased traffic. 

            Noped is a Visual Basic Script (VBS) worm that arrives as an e-mail attachment. 

            The worm is coded to encrypt itself, a method of hiding its code in an effort to allow it to slip through antiviral software. 

            The e-mail containing the worm arrives with a subject header "Help us ALL to END ILLEGAL child porn NOW." The message text reads "Hi, just a quick e-mail. Please read the attached document as soon as you can. Thanks." 

            The name of the attachment, which contains the worm, is "END ILLEGAL child porn NOW.TXT." The .VBS file suffix may not appear, depending on a user's preference settings in Outlook, but the standard VBS file icon, a small scroll, is displayed on the attachment. 

            When a PC user running the e-mail program Outlook clicks on the attachment, the worm opens Notepad and displays a text file. 

            The text file displayed by Notepad contains information about the legal definition of child pornography, warns that any sexually explicit photographs of anyone 17 years of age or younger is child pornography and advises the users of the infected machines of the penalties for possessing or transmitting such images. 

            The worm also changes the user's specified home page in Internet Explorer to the virus creator's home page, makes some changes to Windows registry, and then proceeds to search all connected drives for specific .jpg or .jpeg file names. 

            If the worm finds any of the files it is looking for, it sends a message to one random recipient from a pre-programmed list of government agencies. 

            The worm, as is typical with VBS worms, also sends itself to all e-mail addresses in an infected user's Outlook address book. Noped also disables event and alert sounds. 

            To remove Noped from an infected system, delete files detected as "VBS.Noped.A@mm" and then undo the changes that it made to the registry, suggest the engineers at Symantec, an antiviral software company. Specific information on how to do this is available on Symantec's website. 

            Users can then restore their sound alerts through the system control panel and reinstate their preferred home page in Internet Explorer preferences. 



            Have a comment on this article? Send it. 
            Printing? Use this version. 
            E-mail this to a friend. 


            Related Wired Links: 

            New Worm a Marketing Ploy? 
            May 9, 2001 

            So Many Worms, So Little Info 
            April 10, 2001 

            Palestinian Crackers Share Bugs 
            Dec. 2, 2000 






            Feedback  |  Help  |  About Us  |  Jobs  |  Advertise 
            Editorial Policy  |  Privacy Statement  |  Terms and Conditions 

            Copyright * 2001 Wired Digital Inc., a Lycos Network site. All rights reserved. 

             
           
     

---------------------------------------------------------------------
Pumpkin-growing FAQ: http://www.mallorn.com/lists/pumpkins/search.cgi
To sign-off this list, send email to majordomo@mallorn.com with the
message text UNSUBSCRIBE PUMPKINS
Other Mailing lists | Author Index | Date Index | Subject Index | Thread Index