Japan’s Plan for ‘Good Computer Virus’ Sparks Debate


The words “good” and “virus” may look funny stuck together in a headline, but the words have become a popular way to describe plans by the Japanese government to use a program designed to attack the attackers.

News of the initiative was reported earlier this week by Japanese newspaper Yomiuri Shimbun. According to the paper, the country’s defense ministry commissioned Fujitsu to develop the cyber-weapon back in 2008. Since then, the program has been tested in a closed network environment. The virus has the ability to trace the sources of an attack and springboard to computers used to transmit the malware, as well as disable the attacking program and collect relevant information.

The prospect of such a weapon, however, has given some security experts pause. Anup Ghosh, chief scientist at Invincea, is among them. Self-propagating code adds risk “any time you do it,” he told SecurityWeek. For example, the Morris worm was not written to cause damage, he noted. Yet it ended up causing a massive disruption of the Internet in 1988.

Attacking the Attackers

A slightly different but more recent example would be the Sony BMG rootkit scandal. In that case, Sony BMG (now defunct) was revealed in 2005 to be including rootkit functionality in digital rights management software on its music CDs that was automatically installed on Windows computers whenever the customer tried to play the CDs. The rootkit left consumers open to viruses written to abuse the technology, thereby creating a new security hole.

Other examples of attempts to create good viruses in the past include the Cruncher virus and malware designed to fight child abuse images and report its findings to authorities, noted Graham Cluley, senior technology consultant with Sophos.

“But the simple truth is that none of them have needed to be viral to deliver their positive benefit,” he blogged. “And, similarly, I suspect that the Japanese don’t need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done – with less headaches – by non-replicating software. When you’re trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it’s probably not wise to let loose a program that starts to trample over your hard drives, making changes.”

Then there are the murkier issues of ethics, such as the lack of permission to install a program on someone’s computer, Ghosh said. There is also the prospect of malware utilizing the virus in some way to compromise machines – something that happened in the case of the Sony BMG rootkit – as well as the possibility the good virus itself does damage to a user’s computer in some way, he added.

Still, nations have “special considerations” and a different set of ethics to abide by than companies, argued Sean Sullivan, security advisor for F-Secure Labs.

“I think it is difficult to imagine anyone outside of governments creating ‘white worms’ and even then as an antivirus company, we wouldn’t do anything to prevent our technology from detecting or blocking such technology,” he said. “To us, a worm is a worm is a worm…It would be completely unethical to use in the private sector against cyber-criminals.”

“I totally think a white worm would…fly in the United States, for DHS (Department of Homeland Security) national security reasons,” he added. “If the government thinks they need to use it, they will. The Air Force has already hinted at developing counter-attack technologies, but they’ve been smart enough not to term it as a cyber-weapon virus.”

Regardless, the approach taken by the Japanese government will not cure the cyber-security problem, Yuval Ben-Itzhak, CTO of AVG Technologies, told SecurityWeek.

“Protecting against computer viruses requires a layered security solution rather than just a single method,” he said. “This is how the security vendors are approaching the problem. Having today’s layered security products, for a worm to spread across computers without them explicitly allowing it, is a challenge the author of this tool will find almost impossible to solve.

“Microsoft, Google (and) Apple are delivering with their operating systems a feature that enables them to remove/isolate a known threat – even so, virus authors and security researchers manage to find ways to bypass it,” he added. “When you raise the bar on one side – either cybercriminals or security vendors – the other side reacts as well – this is how the security market has operated for many years.”
