Japanese P2P virus writer convicted, but escapes jail

May 16, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have questioned whether courts worldwide are giving consistent sentences to hackers following the news that a Japanese man has escaped jail, despite admitting writing a virus that wiped music and movie files on innocent users' computers.

24-year-old Masato Nakatsuji, who was revealed to be the first ever virus writer to be arrested in Japan when he was apprehended in January, admitted writing the malware which displayed images of popular TV anime characters while destroying data on third party computers. The malicious code was spread via the controversial Winny file-sharing system in Japan last year.

Today, Nakatsuji, a graduate student at Osaka Electro-Communication University, was found guilty in Kyoto District Court and sentenced to two years in jail. However, as the sentence is suspended for three years he will not have to serve any time in prison.


The Pirlames Trojan was distributed via Winny and displayed cartoon images from the animated TV show 'Clannad'.

"Masato Nakatsuji has been found guilty of copyright infringement rather than for the damage his movie and music-munching malware caused," said Graham Cluley, senior technology consultant for Sophos. "One has to wonder whether if he had been apprehended in another country then he would have been charged with a more conventional cybercrime and might have got a more serious sentence."

Nakatsuji has claimed that he wrote his malware to try and punish people who downloaded copyrighted material from peer-to-peer file-sharing networks.

"If movies and animated films are illegally downloaded, TV networks will stop showing these programs in the future," Nakatsuji said during the trial, trying to explain his behavior. "My hobby is to watch recorded TV programs, so I was trying to stop that."

However, Sophos believes that it is wrong for internet users to take the law into their own hands.

"There are enough cybercriminals out there causing harm and stealing money and identities with malicious code - the last thing we need are vigilantes entering the mix, writing malware to try and put right what they believe to be wrong," says Cluley. "If someone sees the law being broken on the net - go to the authorities. Don't write malware. This man is frankly lucky to have got away without a more serious punishment."

Coincidentally, Isamu Kaneko, the author of the Winny file-sharing program, was fined by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.

Controlling use of P2P file-sharing networks wihin an organization

A survey conducted in 2006 by Sophos reflected the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.

"Businesses are increasingly looking to control users' access to P2P file-sharing software not just because they can eat up bandwidth or infringe copyright laws, but also because they can present a security risk to your corporate data," explained Cluley.

Application Control is an optional feature of Sophos Endpoint Security and Control, available to both new and existing customers at no additional charge. It allows system administrators to set a policy as to which applications users are allowed to run.


Simply click on the arrow above to stream the podcast through your browser. Alternatively you can download it to your MP3 player.

Winny: A history of close-calls with malware

Sophos experts note that this is not the first time that the Winny file-sharing network has been troubled by malware:

  • In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.

  • The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.

  • Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.

  • In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.

  • The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.