CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Tech Industry

New worm sniffs out child porn

An e-mail worm that seeks out images of child pornography on PCs and alerts government agencies to positive findings has been released by British hackers.

An e-mail worm that seeks out images of child pornography on PCs and alerts government agencies to positive findings has been released by British hackers intent on cleaning up the Internet.

The worm, dubbed "Noped," is an encrypted script using Microsoft's Visual Basic language. It arrives as an attachment to an e-mail message entitled "FWD: Help us all to end illegal child porn now." Once executed, the virus searches all hard drives for JPEG graphics files possessing names that indicate they may contain child pornography.

see special report: Year of the Worm Noped comes bundled with a list of government and police e-mail addresses that it will send a random alert to if it discovers a match for one or more of the JPEG file names listed in the script. The attached file is named "END ILLEGAL child porn NOW.TXT...vbs," with a string of a dozen dots helping to obscure the fact that it ends with the executable ".vbs" extension and not ".txt." The worm also displays a lengthy document detailing what it claims are international laws concerning child pornography.

But Inspector Terry Jones of the Obscene Publications Unit in the Manchester, England, police department, has confirmed that British police will not be responding to the worm alerts, as the reports would fail to meet evidence standards. "This is not an approach that we would advocate, as child pornography is a delicate area to investigate, and we must have reasonable cause to suspect our evidence has been gathered ethically."

Antivirus software company Symantec ranked the virus as a "low" and said it expects to see less than a hundred infections reported. "The virus is currently not that wild--companies should have updated their virus definitions by now, so that if it spreads, they will be safe," said Andre Post, a researcher at Symantec.

Noped appears less malicious than the prolific Homepage worm that infected scores of companies earlier this month. Like Noped, Homepage was written in Visual Basic script. When launched, the Homepage attachment automatically forwarded the same e-mail to all the people in a victim's address book, and simultaneously opened one of four pornographic Web pages on the person's computer.

Staff writer Wendy McAuliffe reported from London.