Japan Developing “Good” Computer Virus That Will Attack The Attackers
The words “good” and “virus” may look funny stuck together in a headline, but the words have become a popular way to describe plans by the Japanese government to use a program designed to attack the attackers.
News of the initiative was reported earlier this week by Japanese newspaper Yomiuri Shimbun. According to the paper, the country’s defense ministry commissioned Fujitsu to develop the cyber-weapon back in 2008. Since then, the program has been tested in a closed network environment. The virus has the ability to trace the sources of an attack and springboard to computers used to transmit the malware, as well as disable the attacking program and collect relevant information.
The prospect of such a weapon however has given some security experts pause. Anup Ghosh, chief scientist at Invincea, is among them. Self-propagating code adds risk “any time you do it,” he told SecurityWeek. For example, the Morris worm was not written to cause damage, he noted. Yet it ended up causing a massive disruption of the Internet in 1988.
A slightly different but more recent example would be the Sony BMG rootkit scandal. In that case, Sony BMG (now defunct) was revealed in 2005 to be including rootkit functionality in digital rights management software on its music CDs that was automatically installed on Windows computers whenever the customer tried to play the CDs. The rootkit left consumers open to viruses written to abuse the technology, thereby creating a new security hole.
Other examples of attempts to create good viruses in the past include the Cruncher virus and malware designed to fight child abuse images and report its findings to authorities, noted Graham Cluley, senior technology consultant with Sophos.
“But the simple truth is that none of them have needed to be viral to deliver their positive benefit,” he blogged. “And, similarly, I suspect that the Japanese don’t need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done – with less headaches – by non-replicating software. When you’re trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it’s probably not wise to let loose a program that starts to trample over your hard drives, making changes.”
Then there are the murkier issues of ethics, such as the lack of permission to install a program on someone’s computer, Ghosh said. There is also the prospect of malware utilizing the virus in some way to compromise machines – something that happened in the case of the Sony BMG rootkit – as well as the possibility the good virus itself does damage to a user’s computer in some way, he added.
Still, nations have “special considerations” and a different set of ethics to abide by than companies, argued Sean Sullivan, security advisor for F-Secure Labs.
“I think it is difficult to imagine anyone outside of governments creating ‘white worms’ and even then as an antivirus company, we wouldn’t do anything to prevent our technology from detecting or blocking such technology,” he said. “To us, a worm is a worm is a worm…It would be completely unethical to use in the private sector against cyber-criminals.”
“I totally think a white worm would…fly in the United States, for DHS (Department of Homeland Security) national security reasons,” he added. “If the government thinks they need to use it, they will. The Air Force has already hinted at developing counter-attack technologies, but they’ve been smart enough not to term it as a cyber-weapon virus.”
Regardless, the approach taken by the Japanese government will not cure the cyber-security problem, Yuval Ben-Itzhak, CTO of AVG Technologies, told SecurityWeek.
“Protecting against computer viruses requires a layered security solution rather just a single method,” he said. “This is how the security vendors are approaching the problem. Having today’s layered security products, for a worm to spread across computers without them explicitly allowing it, is a challenge the author of this tool will find almost impossible to solve.
“Microsoft, Google (and) Apple are delivering with their operating systems a feature that enables them to remove/isolate a known threat – even so, virus authors and security researchers manage to find ways to bypass it,” he added. “When you raise the bar on one side – either cybercriminals or security vendors – the other side reacts as well – this is how the security market has operated for many years.”