New "vigilante" email virus

By khym in News
Thu May 31, 2001 at 02:43:09 PM EST
Tags: Internet

There's a new VBScript email virus that's trying to do its part in the campaign to stamp out child pornography. Once your machine is infected, it scans your hard drives for JPEG files with filenames that look like they might contain child porn, and if these are found, it mails off warnings to several different law enforcement agencies. There's a news type description and a technical type description of the virus.


New "vigilante" email virus | 34 comments (28 topical, 6 editorial, 0 hidden)
Ha! (3.50 / 2) (#2)
by AgentGray on Wed May 30, 2001 at 05:48:17 PM EST

Why hadn't the idea of a vigilante virus crossed anyone's mind before?

uptight bastards (4.25 / 4) (#3)
by Seumas on Wed May 30, 2001 at 05:53:15 PM EST

Because uptight, do-gooder, self-righteous busy-bodies had been too busy wagging fingers to bother learning to code, until now.
I just read K5 for the articles.
[ Parent ]
Why not before? (4.50 / 6) (#9)
by Anonymous Commando on Wed May 30, 2001 at 06:07:45 PM EST

Because there are so many things that can go wrong that no-one with a reasonable allocation of common sense would do it.

Imagine a vigilante worm that went out deleting kiddie-porn JPEG files, but a bug in the coding actually causes it to delete DLL files instead...

Imagine a vigilante worm that looked for certain keywords in text files to identify kiddie-porn, but generates so many false positives that mail servers are overwhelmed (remember "Love Bug"?)

Imagine a vigilante worm that generates so many messages to law enforcement officials that they begin to discredit any e-mail report of child pornography.

Worst of all - imagine a vigilante worm that is so effective in catching pedophiles that companies like Microsoft begin leaving backdoors open intentionally, either on their own initiative, or at the behest of law enforcement officials...

But, it's too late now. Pandora's box is open, and we can't close it.
Corporate Jenga™: You take a blockhead from the bottom and you put him on top...
[ Parent ]

really stupid (4.69 / 13) (#4)
by Seumas on Wed May 30, 2001 at 05:57:52 PM EST

This is really stupid. I mean, I'd assume it'd look for something like 17yrold.jpg or something? I think I have a picture of myself from my highschool years that has a similar name.

Like law enforcement would give an anonymous email with completely inaccurate and unfounded claims any credence? Especially since the email itself isn't enough to be considered "probable cause" for any investigation.

It's an amusing idea, but again, catching some perverted geezer isn't worth invading my privacy. Sounds like it's time everyone installs Outlook on a Windows box, downloads press pictures of members of congress and renames it with very obvious names and troll the virus. Won't take long before authorities get really pissed off at all of the spam and decide to hunt down the guy who made the virus and land his ass in jail.
I just read K5 for the articles.

Law Enforcement (4.33 / 6) (#11)
by J'raxis on Wed May 30, 2001 at 06:21:44 PM EST

Like law enforcement would give an anonymous email with completely inaccurate and unfounded claims any credence? Especially since the email itself isn't enough to be considered "probable cause" for any investigation.
Unfortunately you're forgetting how irrationally hysterical people get about child pornography.

From the technical aspect,* it could actually be effective if it culled the various Usenet fora and other known kiddie porn locations,** recorded the filenames or even possibly checksums, then scanned matching files on your computer. IMO, a checksum match would amount to a probable match: of course you still have the "illegal search and seizure" aspect in the first place, so it's a moot point.

* I hate to give these vigilante zealots any ideas, but I thought the idea was intriguing.

** Or, if this virus was actually written by law enforcement (wouldn't surprise me; they've done worse), it could actually have access to seized evidence.

-- The 16798e6828ee646d218a6acee47714aa Raxis

[ J’raxis·Com | Liberty in your lifetime ]
[ Parent ]

"filenames that look like they might" (4.41 / 12) (#5)
by Philipp on Wed May 30, 2001 at 05:59:25 PM EST

I wonder what that entails - "cutebaby.jpg", "lovelykid.gif", ...
The grandparents of the world are in deep trouble.

alias kn 'killall -9 netscape-communicator'
but (4.00 / 9) (#7)
by alprazolam on Wed May 30, 2001 at 06:01:44 PM EST

how do you know they aren't looking at those pictures and imagining those kids naked. it's a dangerous world you know.

[ Parent ]
4 (4.00 / 6) (#8)
by J'raxis on Wed May 30, 2001 at 06:07:38 PM EST

Sounds real useful. "Illegal search and seizure"?

-- The Who's-Still-Downloading-Attachments-Anyway? Raxis

[ J’raxis·Com | Liberty in your lifetime ]

OT: lots of 4s (3.40 / 5) (#18)
by Delirium on Wed May 30, 2001 at 11:08:03 PM EST

4 (4.00 / 4) (#8)
I found that amusing. Yes, I'm easily amused.

[ Parent ]
Digital Darwinism (3.33 / 6) (#10)
by Sikpup on Wed May 30, 2001 at 06:09:13 PM EST

Nowadays, anyone stupid enough to open a .vbs deserves whatever misery it causes them. Too bad pedophiles seem to be a little more tech savvy than average.

On a related note, what happens if someone at the US Postal Service sets this one off? Given that they are such a major distributor off-line (all to catch those sickos out there, of course) why wouldn't they be a major provider on line. Can you see the headlines? USPS servers found to have 200 gigabytes of kiddie porn online...

To be fair, it's a little more cunning than that. (4.00 / 1) (#21)
by squigly on Thu May 31, 2001 at 03:29:37 AM EST

the file is a .txt...........vbs. Presumably there are enough '.'s to push the .vbs off the end.

[ Parent ]
To be really fair (4.00 / 1) (#28)
by Biff Cool on Thu May 31, 2001 at 03:26:24 PM EST

The mailserver administrator should be quarantining/blocking any email with a double extension (.txt.vbs) at the least, if not anything ending with .vbs; then this kind of stuff wouldn't happen.

How many files have you seen that had double extensions that weren't virii?

My ass. It's code, with pictures of fish attached. Get over it. --trhurler

[ Parent ]
oh how about (4.66 / 3) (#30)
by jayfoo2 on Thu May 31, 2001 at 03:42:09 PM EST


oh you mean windows files don't you :-)

[ Parent ]
Thanks (none / 0) (#34)
by Biff Cool on Fri Jun 01, 2001 at 10:03:27 AM EST

Don't I feel like a dumb-ass. Yes actually I did mean windows files, of course I've gotten .tar.gz's on windows too (though I'm not sure why). Okay so there are some exceptions that would have to be thrown in, but it's still a lot simpler/cheaper than buying into the drug model of anti-virus companies.

My ass. It's code, with pictures of fish attached. Get over it. --trhurler

[ Parent ]
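The filename rule argued over in this sub-thread (block anything ending in .vbs, quarantine double extensions, allow exceptions such as .tar.gz, and catch the run of dots that hides the real extension), written out as an added Python example that is not from any commenter. The extension lists, verdict names, function names and sample filenames are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed policy lists; the thread itself names only .vbs and .tar.gz.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "exe", "scr", "pif", "bat"}
ALLOWED_PAIRS = {("tar", "gz"), ("tar", "bz2"), ("tar", "z")}
EXT_LIKE = re.compile(r"[a-z0-9]{1,4}")      # what counts as "looks like an extension"
PADDING = re.compile(r"\.{2,}|\s{2,}\.")     # runs of dots, or spaces before a dot

def classify(filename):
    """Return 'block', 'quarantine' or 'allow' for one attachment name."""
    name = filename.lower().rstrip(". ")     # Windows drops trailing dots and spaces
    parts = [p.strip() for p in re.split(r"\.+", name)]
    if len(parts) < 2:
        return "allow"                       # no extension at all
    final = parts[-1]
    if final in SCRIPT_EXTS:
        return "block"                       # real type is a script or executable
    if PADDING.search(name):
        return "quarantine"                  # filler that pushes the extension out of view
    if (len(parts) >= 3 and EXT_LIKE.fullmatch(parts[-2])
            and (parts[-2], final) not in ALLOWED_PAIRS):
        return "quarantine"                  # double extension outside the exception list
    return "allow"

def scan(msg):
    """Map each attachment filename in a parsed message to its verdict."""
    return {p.get_filename(): classify(p.get_filename())
            for p in msg.iter_attachments() if p.get_filename()}

def sample_message():
    """Constructed test message; the attachment names are made up."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    for name in ("notes.txt...........vbs", "backup.tar.gz", "photo.jpg.zip"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg

if __name__ == "__main__":
    for fname, verdict in scan(sample_message()).items():
        print(f"{verdict:10} {fname}")
```

The decision is made on the last extension after trimming, which is what the operating system will act on, so padding between the decoy and the real extension does not change the verdict.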
And in other news... (4.50 / 6) (#12)
by associatedrediffusion on Wed May 30, 2001 at 06:35:20 PM EST

Police today raided several hundred people who happen to have Kubrick's 'Lolita' entered into their DVD databases.

what filenames? (3.50 / 4) (#13)
by adrien on Wed May 30, 2001 at 06:37:33 PM EST

anybody know exactly what kinds of file names it looks for?

Also, from the tech description, the subject seems to say something like "help us stop child pornography!". Which means it should be described as a worm that tries to catch really, really stupid child porn fans.

file extensions (2.00 / 1) (#27)
by wiredog on Thu May 31, 2001 at 01:30:38 PM EST

It looks for gif, jpg, et al.

"Anything that's invented after you're 35 is against the natural order of things", Douglas Adams
[ Parent ]
who's that stupid? (4.33 / 9) (#14)
by adrien on Wed May 30, 2001 at 06:42:08 PM EST

If I collected child porn, the last thing I would do would be to name the files "naked_15yrold_girl.jpg", "highschool_slut.jpg" and "cmdrtaco_naked.jpg".

And would I read an email and run an attachment with the subject message saying FWD: Help us ALL to END ILLEGAL child porn NOW?

OK. So actually it's a virus to catch... (3.33 / 3) (#15)
by SIGFPE on Wed May 30, 2001 at 06:54:04 PM EST

...stupid paedophiles. Some people might think that was just as useful.
[ Parent ]
Public Service Announcement (5.00 / 8) (#19)
by Global-Lightning on Thu May 31, 2001 at 12:04:35 AM EST

Two years after the first Outlook .vbs worm and five years after the first Office macro virus, too many users are still victimized. We could group these people into two categories:

1. People who use these products at work, and depend on a dedicated IT staff for their system maintenance.
Any System Administrator who is still having problems protecting his/her systems against these attacks after 2+ years should be immediately fired, have their MCSE revoked, and not be allowed to use anything more complex than an abacus.

2. Home users who like these products for their powerful capabilities yet simple interfaces. They may not be the most technically adept, and understandably may not know where to start when it comes to protecting their systems.


As a public service for group 2, and unfortunately I suspect for too many in group 1, I've assembled these tips for basic Windows security for non-technical people:

1. To protect yourself from vbs/Outlook worms, the easiest thing you can do is disable windows scripting

2. To protect yourself from Office macro viruses, there are several things you can do:

  • Turn on macro virus protection. In Word 97 and Excel 97: from the Tools menu, click Options. On the General tab, check Macro Virus Protection. In Word 2000 and Excel 2000: open the Tools menu, point to Macro and select Security and set it to the level you want. High security will open only signed macros. Recommend using this setting unless you use macros, then use medium. Medium security will always bring up the macro dialog protection box that allows you to disable macros if you are unsure.
  • In Word, use .rtf file extensions instead of .doc. rtf files by design can't carry macros
  • Just say "NO". When Office prompts you to open a macro, the safest option will always be to decline

3. Disable NetBIOS. Unless you really need this service for a home network, the default NetBIOS settings expose you to all kinds of nastiness when you go online. Much more information is available at Shields Up! For the impatient, skip to Web Bondage section and follow the links for your Operating System at the bottom of the page.

4. Safe surfing. If you use Internet Explorer for browsing, Open Tools, Internet Options. Select the Security tab, highlight the Internet zone, and press the Custom Level button. Disable all ActiveX options. You may also want to play with the other options, especially the scripting ones (I disable the "Allow paste operations via script")

5. Finally, new vulnerabilities and exploits are always being discovered. As part of your regular system maintenance you should check the Microsoft Security Bulletins, download and install patches, and update your system regularly (at least weekly or monthly).

Well, that's all I can come up with for now, and I'll bet I've missed some of the biggest holes out there. Append any other tips that may be useful as a reply to this post.

You forgot an even easier measure. (3.75 / 4) (#22)
by Tezcatlipoca on Thu May 31, 2001 at 03:38:40 AM EST

Dump your MS applications. Keep Windows if you like, but for goodness sake, dump the rest, specially Outlook.

I have one Windows machine, it does not run any MS apps, and yes I am fine thank you, perhaps I struggle a bit with some documents from other people, but that is once in a very long while.

You don't need Outlook, get rid of it.

Might is right
Freedom? Which freedom?
[ Parent ]
Why do you use Windows? (2.00 / 1) (#32)
by kubalaa on Thu May 31, 2001 at 11:20:34 PM EST

Seriously. I'm not a Microsoft basher, but nobody uses Windows for the OS, they use it for the applications.

[ Parent ]
Because.... (none / 0) (#33)
by Tezcatlipoca on Fri Jun 01, 2001 at 04:05:41 AM EST

... some specialized software (oil industry) runs only in Windows. Otherwise Windows would have followed the way of the MS apps (I am not a big gamer, chess and Chinese chess, and for those there are alternatives in Linux which is my primary OS at home).

Might is right
Freedom? Which freedom?
[ Parent ]
well RTF may not be as secure as it seems... (4.00 / 2) (#23)
by neuneu2K on Thu May 31, 2001 at 04:42:02 AM EST

In fact RTF are possibly vulnerable (only Denial Of Service but...)
RTF Vulnerability
The most important lesson for users is do not send funny executable attachments !!
- "And machine code, which lies beneath systems ? Ah, that is to do with the Old Testament, and is talmudic and cabalistic..." - Umberto Eco
[ Parent ]
Which law enforcement agencies? (3.33 / 3) (#25)
by natael on Thu May 31, 2001 at 11:35:47 AM EST

What law enforcement agencies does this virus report to? I would assume American. What about non-U.S. Citizens? Some countries have still not outlawed child pornography. Like some people have mentioned, a script like this could flood agencies-- even worse though would be getting reports of people, only to research and find they are not under their jurisdiction.

Is child porn really that bad? I know you can make the argument that it encourages unnatural and dangerous feelings in some toward children, but that is the same case for everything. You'll still have that small percentage who view adult porn and get the urge to go rape someone. We don't ban it though. I've heard many people say its about innocence, and not exploiting the children. Most of the pictures I've seen are shot in an almost artistic manner, which is what I think draws many people to view child porn.

When I turned 18 and realized it probably wasn't a good idea to be downloading underage porn anymore, I found that many japanese/asian pictures had the same artistic quality that originally drew me in, while the subject was older (as was I) which I could relate to.

"And now you're apologizing, not for insulting and denigrating people you don't know, but for doing it twice. Amazing..." -- Ryan

actually (4.00 / 2) (#31)
by jayfoo2 on Thu May 31, 2001 at 03:49:21 PM EST

Based on an article I read about this (no citation, I can't remember precisely where) it mails them to British authorities.

Like I said, this is my recollection, If I'm wrong, blame it on rio.

[ Parent ]
Smug at home (3.33 / 3) (#26)
by weirdling on Thu May 31, 2001 at 12:03:56 PM EST

Well, now, another thing that won't hurt my Mac...

I'm not doing this again; last time no one believed it.
Great! Just great! (4.50 / 2) (#29)
by jabber on Thu May 31, 2001 at 03:27:09 PM EST

First Napster scanning for song names, now this!

I can't believe that I now have to go through my hundreds of megs of feline photographs and rename them from clearly identifiable filenames like "wet_5_year_old_pussy.jpg" to something completely impossible to find in a hurry, like "wt_5_yo_psy.jpg".

OTOH, I'm glad that someone out there is finally launching a DDOS against The Man.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"



