Man admits in court to writing anime Trojan horse that attacked P2P users

Sophos Press Release

Bizarre file-sharing malware displayed copyrighted anime characters while wiping movie and music files

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded businesses of the importance of protecting their networks from virus attack, as a Japanese man admits in court to writing a data-destroying Trojan horse.

24-year-old Masato Nakatsuji, who was revealed to be the first ever virus writer to be arrested in Japan when he was apprehended in January, admited in Kyoto District Court that he created a Trojan horse and used copyrighted animation footage to spread it via the net. Nakatsuji has admitted to having written the malware which displayed images of popular anime characters while wiping music and movie files from users' computers. The malicious code, believed to be the Pirlames Trojan, was spread via the controversial Winny file-sharing system in Japan last year.

This is a visit from the prevalent Piro virus! Stop P2P! If you don't, I'll tell the police!
The Pirlames Trojan, which is believed to be the malware related to the case, was distributed via Winny and displayed cartoon images.

Nakatsuji made the admission during the first day of the trial, where he answered charges of copyright infringement and defaming an acquaintance by embedding his photograph into the malicious code.

The court in Kyoto heard prosecutors describe how Nakatsuji is alleged to have created the Trojan horse, attached it to copyrighted animated pictures and planted links to it on internet message forums. However, Nakatsuji's defense team has argued that the malware was not seriously malignant, and that justice would not be served by punishing the graduate student of Osaka Electro-Communication University for spreading the Trojan horse when there were no specific laws against it.

"Al Capone was charged with tax evasion rather than racketeering, and Masato Nakatsuji is being charged with copyright infringement rather than for creating his movie and music-munching malware," said Graham Cluley, senior technology consultant for Sophos. "If he is found guilty, the general public are unlikely to worry that it was his ill-advised choice of graphics which got him into legal trouble rather than virus-writing. However, a clear message needs to be sent to the computer underground that they will not be shown a blind eye if they spread malicious code and damage innocent people's computers and data."

Isamu Kaneko, the author of the Winny file-sharing program, was fined by a Japanese court in December 2006 for assisting in copyright violation. The rights and wrongs of the case have been widely debated on the internet.

Sophos experts note that this is not the first time that the Winny file-sharing network has been troubled by malware:

  • In May 2006, Sophos reported that a virus had leaked power plant secrets via Winny for the second time in four months.

  • The previous month, a Japanese anti-virus company admitted that internal documents and customer information had been leaked after one of its employees failed to install anti-virus software.

  • Earlier in 2006, Sophos described how information about Japanese sex victims was leaked by a virus after a police investigator's computer had been infected.

  • In June 2005, Sophos reported that nuclear power plant secrets had been leaked from a computer belonging to an employee of Mitsubishi Electric Plant Engineering.

  • The police force in Kyoto, Japan, were left with red faces after a virus spread information about their "most wanted" suspect list in April 2004.

Sophos recently published its Security Threat Report 2008, which included information about recent successes by the authorities in fighting cybercrime:

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at