Well, to find out who is spreading pictures, you will need to modify them on the fly, giving each user a different file. You could modify the EXIF information, but that is easily visible, and easily changed once the users suspect something is going on. Still, you would probably catch the first miscreant with this trick. (For perl bindings, look to Image::EXIF).

After that, you will need to be more clever. The practice of hiding messages in plain sight (such as in the slight increase of noise in a particular picture) is called steganography. If you google for it, you will get loads of theory, and some code, including steghide, a program designed to hide messages in pictures.

Your script would need to call steghide before each download, and hide the string "downloaded from foo by user bar".

I suggest including the name of the site just so the miscreant doesn't try to explain that he signs all "his" pictures with his username.

I'm sorry, but I couldn't find perl bindings for steghide.