At 12:00 PM 6/11/2001 -0700, John Young <jya@pipeline.com> wrote: Much deleted.
Technically a worm, the virus is of unknown origin and was spotted by computer security companies on May 22. It arrives as an attachment to an e-mail message titled, "FWD: Help us ALL to END ILLEGAL child porn NOW." When a recipient opens the attachment, child pornography statutes appear on screen. The program then searches the user's hard drive for picture files that have pornographic-sounding names and then sends an e-mail message and a list of suspect files to a law enforcement agency picked at random from the program's database.
"Hi," the message sent to the police says: "This is Antipedo2001. I have found a PC with known child pornography files on the hard drive. I have included a listing below and included a sample for your convenience."
The virus also sends out copies of itself to addresses in the victim's e-mail address book.
Apart from the program's invasive nature, virus experts question the results the program sends out.
Its search software is apt to falsely identify files as containing child pornography, said Stephen Trilling, director of research at the Symantec Anti-Virus Research Center in Santa Monica, Calif., which suggests that the results could cause irreparable harm to run-of-the-mill computer owners if the results are acted upon.
While law enforcement agencies cannot search an individual's computer without a warrant, they can act on a tip. The F.B.I., one of the agencies on the Noped list, would not say if it had received tips from this virus program. A Justice Department lawyer said that law enforcement officials could legally conduct a search based on the tip, but added, "That's a very different question from `would law enforcement ever open an investigation based on that information?' "
Perhaps most troubling, legal experts say, is the havoc that the virus could wreak on the reputation of people with no involvement in child pornography.
"There is no telling how far this information might spread," said Stephen J. Davidson, a lawyer and spokesman for the Computer Law Association. Local news organizations could report that a parent was under investigation as a pedophile, he said, "all resulting from an unwarranted and illegal entry to your private computer."
It appears that one effective way to combat such a virus is with disinformation. Approach 1: Merge one of those "50 million Internet address lists" and random listing of possibly pedo file names which the virus might have flagged and generate email. Generate forged emails from these addresses and mail notifications to random addresses from the virus' LE address list. Approach 2: Release another virus which generates false reports from any of the users it infects. steve