The Trojan.Haradong author and his
accomplices have been arrested, not for creating the so-called "Harada
virus," but for unauthorized use of copyrighted materials.
Unfortunately in Japan, there is no law prohibiting people from
creating malware. There is a bill that was submitted to the National
Diet several years ago but is still in its deliberation process and has
yet to be passed. Hopefully, this arrest will raise the priority for
legislators to pass a law banning the development and/or use of malware
for malicious purposes. Law enforcement authorities could certainly use
such a law, because at the moment they have to brainstorm which
charges they can arrest these types of criminals on.
Let me first give you some background on Winny, which has been used
as a vehicle to spread this malware. Because of the characteristics of
malware such as W32.Antinny, Winny and the malware lurking in the
file-sharing network have been widely discussed topics in Japan over the
last few years. The main characteristic of this malware is its ability to leak
files onto the file-sharing network. Once the malware is executed, it
searches the computer for files with file extensions such as .doc,
.xls, .eml, .ppt, .dbx, .txt, and .pdf, and copies them to a particular
folder that is used to share files on the Winny network. Guess what
sort of files leaked out onto the file-sharing network? Confidential
documents from sources such as a power plant, the police department,
the SDF, ISPs, and the list goes on and on. We are still finding out about
new leaks almost daily. Once a file leaks out, there is no way to
retrieve it. Because of the impact this has had on businesses and the
government in Japan, Shinzo Abe, the former Prime Minister and Chief
Cabinet Secretary at the time, held a press conference asking Japanese
citizens to stop using Winny. Also, in December 2006, Mr. Isamu Kaneko,
the developer of Winny, was fined by a Japanese court for assisting in
the violation of intellectual property law. This should give you an idea
of how hot this topic has been in Japan.
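A defender-side check for the leak behaviour described above, as an added example that is not from the original post or from Symantec: it hashes documents with the listed extensions and reports any file in a P2P share folder that is byte-identical to a document elsewhere on the machine. The folder names and sample files are constructed assumptions; the post does not name the share folder Winny uses.

```python
import hashlib
import tempfile
from pathlib import Path

# File types the post lists as being copied into the shared folder.
LEAK_EXTENSIONS = {".doc", ".xls", ".eml", ".ppt", ".dbx", ".txt", ".pdf"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def documents(root):
    """Yield non-empty files under root whose extension is on the list."""
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in LEAK_EXTENSIONS and p.stat().st_size:
            yield p.resolve()

def find_leaked_copies(share_dir, private_dirs):
    """Return sorted (shared_copy, original) pairs with identical content."""
    share_dir = Path(share_dir).resolve()
    originals = {}
    for root in private_dirs:
        for p in documents(root):
            if share_dir not in p.parents:  # share folder may sit inside a private root
                originals.setdefault(sha256_of(p), p)
    hits = []
    for p in documents(share_dir):
        digest = sha256_of(p)
        if digest in originals:
            hits.append((p, originals[digest]))
    return sorted(hits)

def demo():
    """Constructed sample tree: one private document copied into the share folder."""
    with tempfile.TemporaryDirectory() as tmp:
        docs, share = Path(tmp, "Documents"), Path(tmp, "UpFolder")  # hypothetical names
        docs.mkdir(); share.mkdir()
        (docs / "roster.xls").write_bytes(b"constructed confidential sheet")
        (docs / "notes.txt").write_bytes(b"constructed private notes")
        (share / "roster.XLS").write_bytes(b"constructed confidential sheet")  # the copy
        (share / "song.txt").write_bytes(b"constructed unrelated file")
        return [(s.name, o.name) for s, o in find_leaked_copies(share, [tmp])]

if __name__ == "__main__":
    for shared, original in demo():
        print(f"{shared} in the share folder matches private document {original}")
```

A match means a private document has already been exposed to the network, so the finding is a trigger for incident handling rather than cleanup alone.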
Now let me explain what Trojan.Haradong and its variants do. First
of all, the typical Trojan.Haradong has an enticing filename to attract
people to download it. Though the file is an executable, the icon is
either an icon of a Windows Media Player file or an icon of a folder.
When the malware is executed, anime pictures or video are displayed on screen
criticizing the infected user for misusing P2P software and downloading
illegal content. Some variants even overwrite various files in the
Windows program folder and files under Documents and Settings\All
Users with anime bitmaps and/or delete files downloaded by the
file-sharing applications Winny and Share. One variant even uploads
details of the compromised computer to the malware author. I believe it
should be illegal to create and/or distribute malware of this kind, but
the authorities can only charge them with violating the copyright law.
This arrest is said to be the first of its kind for creating a virus
in Japan, and hopefully more will follow. But it's up to the legislators
to make this happen. Incidentally, there was a similar case back in
January 2006 when a man was arrested for creating and using spyware to
steal bank account details. He was arrested for using a computer to
commit fraud and for violating the unauthorized access law. In April of
the same year, another man was also arrested for using similar spyware
to steal bank account information. According to Symantec's definition,
both spyware applications are classified as infostealers, a type of
Trojan Horse, which is malware, not spyware. Therefore, by this
definition, I would not consider the "Harada virus" author to be the
first to be arrested for creating malware.
For more information about this event, here is an article written by the Asahi Shimbun and here is a past blog about Trojan.Haradong.