A new e-mail worm that's just beginning to wiggle its way across the Internet scours infected computers for image files containing child pornography, and alerts government agencies if any suspicious files are discovered.

The alert e-mail contains an attached copy of one of the files that allegedly contain child pornography discovered during the worm's search of infected hard drives, and also identifies the porn possessor's e-mail address. It's hard not to see the "Noped" worm as a sort of illegal social service, said Andrew Antipass, of the British security firm TechServ. But Antipass is not necessarily convinced that the worm is able to reliably identify porn, and worries that the government may be inundated with false alerts. Noped is a Visual Basic Script (VBS) worm that arrives as an e-mail attachment. The worm is coded to encrypt itself, a method of hiding its code in an effort to allow it to slip through antiviral software. The e-mail containing the worm arrives with a subject header "Help us ALL to END ILLEGAL child porn NOW." The message text reads "Hi, just a quick e-mail. Please read the attached document as soon as you can. Thanks." The name of the attachment, which contains the worm, is "END ILLEGAL child porn NOW.TXT." The .VBS file suffix may not appear, depending on a user's preference settings in Outlook, but the standard VBS file icon, a small scroll, is displayed on the attachment. When a PC user running the e-mail program Outlook clicks on the attachment, the worm opens Notepad and displays a text file. The text file displayed by Notepad contains information about the legal definition of child pornography, warns that any sexually explicit photographs of anyone 17 years of age or younger is child pornography and advises the users of the infected machines of the penalties for possessing or transmitting such images.