According to media reports, the Japanese Defense Ministry has awarded Fujitsu a contract to develop a computer virus.
Japan finds that it has been victim to computer break ins much the same as the US with someone seeking to discover trade secrets from industry, of seeking military secrets and equipment specs, and trying to obtain political information from government offices through their computers.
How nice, what could possibly go wrong with such a tool? I keep getting these images in my mind from the movie Johnnie Menomic. A villain in a virtual world. One that could hop from computer to computer at will.
The idea is great. Take a virus killer made to act like a virus and have it go hunt down the source of infection along with those computers infected and turn them off or neutralize them. Not so great if you have one of the infected computers or worse say a global network like some of the larger corporations.
Much of the malware on the net now seeks to spread itself depending on the type malware. Trojans may be the exception as they tend to stay put where they are and monitor for whatever they seek. But viruses and worms tend to seek to spread through various means. Viruses prefer files to transfer and worms tend to seek networks to spread. Having one of these virus killers kill several hundred computers through a network sounds like an cure worse than the ill.
Where would such a software draw the line? Guess that depends on who makes it. Many government spy programs act more like a malware. Case in point is a German hack club (Chaos Computer Club) that got a hold of the program used by their police investigators to:
…prompted a public outcry here recently when it discovered that German state investigators were using spying software capable of turning a computer’s webcam and microphone into a sophisticated surveillance device.
To understand just how bad this is in Germany, that country has some of the strongest privacy laws in the world. What was presented to the German Federal Constitutional Court for the capabilities of the trojan for permission to use it and what it could really do were two different animals. It was supposed to be limited to obtaining evidence for court cases but instead was found to be a trojan that was up-datable, capable of taking over computers, and able to put in data should the users of it so desire.
A virus hunting program would probably not distinguish between languages, since computers work in all languages from the same base computer. The language it works in is just an up-datable package.
This also brings to question the issue of websites. Many malwares seek to do cross-injection attacks to infect websites. A recent one called Lilupophilupop, today hit one million websites infected through this method with a two stage attack. Once infected, the owner of the successful attack is able to update it through remote programs.
In this instance, how many websites does such a virus hunter remove from the internet? Or does it?
There are a lot of questions for this type of software. It’s very early in the game to be able to say what it’s payload or packaging will do or seek. It will of necessity effect websites around the world and not just be limited to Japan to be successful.