First virus writer arrested in Japan... for breaching copyright

Sophos Press Release

P2P malware displayed anime characters on screen while wiping music and movie files

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded businesses to defend their networks from malware attack, following the first ever arrest by Japanese authorities of a virus writer.

Police in Kyoto have arrested three men, who are said to have been involved in a plot to infect users of the P2P file-sharing network Winny with a Trojan horse that displayed images of popular anime characters while wiping music and movie files. The malware, which has been dubbed Harada in media reports, is believed to be related to the Pirlames Trojan horse which Sophos reported intercepting in Japan last year.

According to Japanese media reports, the three men have admitted their involvement in the crime. Masato Nakatsuji, a 24-year-old student, is said to have written the malware, while 39-year-old Shoji Sakai and Katsuhisha Ikema, 35, are said to have distributed the malicious code via Winny.

Ah, I see you are using P2P again... if you don't stop within 0.5 seconds, I'm going to kill you.
The Pirlames Trojan, which is believed to be related to the arrests in Japan, was distributed via Winny and displayed cartoon images.

"Normally you would expect malware writers to be arrested for breaking into computers with their code or damaging data, but in this case he is accused of breaching copyright because he used cartoon graphics without permission in his Trojan horse. Because this is the first arrest in Japan of a virus writer it's likely to generate a lot of attention and there will be many people watching to see the outcome," said Graham Cluley, senior technology consultant for Sophos. "Malware is truly a global menace, impacting on every user of the internet, and it is good to see police around the world doing their bit to tackle the problem."

Isamu Kaneko, the author of the Winny file-sharing program, was fined by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.

A survey conducted in 2006 by Sophos reflected the serious concern that uncontrolled applications are causing system administrators. For example, 86.5 percent of respondents said they want the opportunity to block P2P applications, with 79 percent indicating that blocking is essential.

"Businesses are increasingly looking to control users' access to P2P file-sharing software not just because they can eat up bandwidth or infringe copyright laws, but also because they can present a security risk to your corporate data," continued Cluley. "This music and movie-munching Trojan horse is a timely reminder of the danger malware can pose to a company's network."

Application Control is an optional feature of Sophos Endpoint Security and Control, available to both new and existing customers at no additional charge. It allows system administrators to set a policy as to which applications users are allowed to run.

Sophos experts note that this is not the first time that the Winny file-sharing network has been troubled by malware:

  • In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.

  • The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.

  • Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.

  • In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.

  • The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.

Sophos recently published its Security Threat Report 2008, which included information about recent successes by the authorities in fighting cybercrime.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at