
Japan is developing a computer virus to fight cyberattacks, claim reports

According to a report in the Japan Times, the Japanese Defense Ministry is considering creating “its first ever computer virus… as a defense measure against cyberattacks.”

Sources in the know have apparently told reporters that the Defense Ministry is considering getting private companies to develop the malware by next March. The aim? To “break into a computer system, hoping such a computer virus could work as a deterrent against cyberattacks.”

The malware, a ministry source told the Japan Times, would not be used for pre-emptive attacks but instead used for defensive purposes.

When I read the report, I was unsatisfied by the lack of detail. I wanted to know more. And I had questions… lots of questions.

Perhaps the first and biggest question though is this: do they really mean a “virus”? The general public still throws around the word “virus” a lot, but perhaps doesn’t know precisely what it means.

A virus is a piece of executable code that can replicate itself, perhaps by injecting itself into other computer programs or an area of your computer which stores code that gets executed.

And the surprising truth today is that most of the malware we see isn’t actually viral at all. Much of the malicious code analysed by security labs takes the form of a Trojan horse (a program which does something malicious you weren’t anticipating, perhaps posing as a harmless program) which doesn’t have an in-built mechanism for spreading.

So, an attacker might spam out a Trojan horse to their intended target, attached to an email which expertly socially-engineers a recipient into clicking on the file.

Alternatively an unsuspecting user might be duped into clicking on a link to a dangerous website, which silently installs a Trojan onto their PC and opens a backdoor through which hackers can spy upon their victim or steal information and resources.

Viruses have, from time to time, proven very successful – in the past they have infected swathes of files, and large numbers of computers, rapidly spinning out of control.

But this uncontrolled spreading can in itself be a virus’s downfall. That’s because malware doesn’t want to draw attention to itself, because if it’s noticed it might more easily be countered.

But that isn’t the only reason why writing a virus as a defence measure may not be the smartest idea ever.

For instance, if you let loose a self-replicating piece of code to fight your enemies – what are you going to do when it inevitably requires a bug fix? All programs, including malware, can contain unintended bugs which might have negative consequences. If Japan’s defensive virus needs an urgent bugfix when it’s out in the field, would you release another virus to try and catch up with it to apply the patch?

Remember – you cannot guarantee that the system the virus is running on has access to the internet to download an update from there.

And what happens if the bug in the virus means that it misidentifies its intended target and instead runs on an innocent computer? What if the virus accidentally finds itself on the computer of a Japanese business or – just imagine! – a Japanese military system. Can there be confidence that it won’t cause any harm? Even a “good” virus uses system resources such as disk space, memory and CPU. On a critical system such a virus could cause unexpected side effects.

Maybe the boffins in Japan are thinking that a virus could be used for a “good” purpose, such as applying patches to vulnerable computers, servers, and IoT devices that have been hijacked by cybercriminals or an enemy state. They may be imagining a “good virus” that can hop from PC to PC, mopping up infections as it goes.

But again, what do you do when it goes wrong? Could such a virus leave computers in a worse state than they were in the first place? Might a virus spreading to combat a cyberattack prove to be incompatible with some operating systems or – a potentially bigger headache – unable to coexist harmoniously alongside future OS updates?

The truth is that when you release a virus you are taking a big gamble, and it doesn’t just affect you but everyone else in its path.

I suspect that the Japanese don’t need to develop viral code to fight a malware infection. Anything which can be done by viral code can be done “with less headaches” by non-replicating software.

If you want to learn more about the pitfalls of using viruses to fight viruses I can recommend reading a lengthy paper written by veteran anti-virus researcher Vesselin Bontchev entitled “Are ‘Good’ Computer Viruses Still A Bad Idea?”

Although written in the early 1990s, Bontchev’s paper is still valid today and gives many explanations about the potential pitfalls of using malware to fight malware. Things may have changed a lot in the world of cybersecurity in the last 25 years, but the fact that so-called “good” malware can have unintended negative consequences doesn’t seem likely to go away.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

1 Comment

  • For some reason the article sounded familiar but if I have seen it it was years ago and I do not remember. Perhaps I was thinking (though I could have sworn I was thinking of both…) 'Improving the Security of Your Site By Breaking Into It'. As for a Japanese infection itself that was my first thought. Surprise surprise there.

    You might also point out logic bombs though on the subject of malware. And whilst at it ransomware. I imagine too though I don't know off hand that some ransomware is activated by way of a logic bomb. And thinking back to CIH and even Kriz (T2 was really a disturbed individual; I knew him but he always hated me and yet when he ended his life – and I would have been there for him if he had let me but he would have never for he hated me the moment I met him even before talking – his 'friends' were laughing at him. That infuriated me but point is there is a reason all his code was extremely destructive) … Those are to me nothing in comparison to ransomware. Sure it did damage hardware but ransomware is just far more malicious and all for money.

    Going back to viruses there also are worms which reminds me of a worm decades ago that would uninstall another worm and patch the system up. I don't recall for certain but I seem to vaguely remember that it also caused problems. And as for bugs! Look at the infamous Morris Worm of 1988! He had misdirected and only because of the critical error (which ended up acting like a fork bomb) was he caught; I dare say that if it didn't make the systems crawl to their knees he might never have been caught or certainly it wouldn't have been as likely.

    But the most important thing to all of this is it's extremely shameful of Japan or indeed any nation. To think that a nation of honour would do this … One might argue that they have done horrible things and yes that's true but that doesn't mean everything they do is bad and Japan is one of the nations I would not have expected to resort to malware – whatever kind it might be. Shameful and terribly sad. I hope they reconsider it but the fact they have considered it is a huge problem itself!