Pap Smear

Mon Jun 11 12:54:41 PDT 2001

At 12:00 PM 6/11/2001 -0700, John Young <jya at pipeline.com> wrote:

Much deleted.

>Technically a worm, the virus is of unknown origin and was
>spotted by computer security companies on May 22. It arrives
>as an attachment to an e-mail message titled, "FWD: Help us ALL
>to END ILLEGAL child porn NOW." When a recipient opens the
>attachment, child pornography statutes appear on screen. The
>program then searches the user's hard drive for picture files
>that have pornographic-sounding names and then sends an e-mail
>message and a list of suspect files to a law enforcement agency
>picked at random from the program's database.
>
>"Hi," the message sent to the police says: "This is Antipedo2001.
>I have found a PC with known child pornography files on the hard
>drive. I have included a listing below and included a sample for
>your convenience."
>
>The virus also sends out copies of itself to addresses in the
>victim's e-mail address book.
>
>Apart from the program's invasive nature, virus experts question
>the results the program sends out.
>
>Its search software is apt to falsely identify files as containing
>child pornography, said Stephen Trilling, director of research at
>the Symantec Anti-Virus Research Center in Santa Monica, Calif.,
>which suggests that the results could cause irreparable harm to
>run-of-the-mill computer owners if the results are acted upon.
>
>While law enforcement agencies cannot search an individual's computer
>without a warrant, they can act on a tip. The F.B.I., one of the agencies
>on the Noped list, would not say if it had received tips from this virus
>program. A Justice Department lawyer said that law enforcement
>officials could legally conduct a search based on the tip, but added,
>"That's a very different question from `would law enforcement ever
>open an investigation based on that information?' "
>
>Perhaps most troubling, legal experts say, is the havoc that the virus
>could wreak on the reputation of people with no involvement in child
>pornography.
>
>"There is no telling how far this information might spread," said
>Stephen J. Davidson, a lawyer and spokesman for the Computer
>Law Association. Local news organizations could report that a
>parent was under investigation as a pedophile, he said, "all
>resulting from an unwarranted and illegal entry to your private
>computer."

It appears that one effective way to combat such a virus is with 
disinformation.

Approach 1: Merge one of those "50 million Internet address lists" and 
random listing of possibly pedo file names which the virus might have 
flagged and generate email.  Generate forged emails from these addresses 
and mail notifications to random addresses from the virus' LE address list.

Approach 2: Release another virus which generates false reports from any of 
the users it infects.

steve