Fujitsu Working on 'Good Virus' to Seek and Destroy Attacking Systems

Fujitsu is reportedly working on malware for the Japanese government designed to track and disable the systems behind a cyber-attack.

Fujitsu is reportedly working on a cyber-weapon for the Japanese government designed to track and disable the sources of cyber-attacks, according to a Japanese newspaper.

Japan's Defense Ministry has commissioned Fujitsu to develop a virus capable of tracking, identifying and disabling the systems being used by cyber-attackers, the Yomiuri Shimbun reported Jan. 3. The Defense Ministry's Technical Research and Development Institute awarded the three-year project, which reportedly has a $2.3 million price tag, to Fujitsu in 2008.

The project includes both the virus and a system to monitor and analyze cyber-attacks, according to Yomiuri. The virus has already been tested in a "closed network environment" to assess its capabilities without the risk of it accidentally being released into the wild, anonymous sources told the newspaper.

Yomiuri said Fujitsu declined comment, citing client confidentiality. The company did not respond to requests for comment from eWEEK.

The malware under development is designed to trace connections to identify where the cyber-attack is originating from, as well as all the "springboard" computers being used to launch the attack, Yomiuri said. It reportedly has the ability to collect relevant information from the attacking system and disable the malicious program, halting the attack in progress. It appears to be most effective at tracing back the sources of distributed denial of service (DDoS) attacks as well as some types of attacks aimed at stealing information from compromised systems.

The idea of tracking down the source of attacks and taking active steps to halt an attack is an increasingly popular concept as organizations shift away from passive defenses. For example, Israel-based Radware offers "counter-attack" capabilities in its Attack Mitigation System to help organizations fight off distributed denial of service attacks.

Many anti-DDoS systems focus on just increasing the organization's ability to "absorb" the attacks and try to outlast the attackers, Carl Herberger, vice-president of security solutions at Radware, told eWEEK in an earlier interview. Radware, in contrast, relies on various tools that make it harder for the attacker to sustain the campaign and cause them to abandon the fight, he said.

Counterattacks are ways to neutralize the attacking tool in a passive, non-intrusive way. Techniques include applying sophisticated filters that slow down the malicious traffic hitting the organization's servers or just adding some lag time when attacking systems try to establish a connection, according to Radware. These steps would result in the attack taking longer to complete, or even cause the attacking program to time out or crash, thus "exhausting" the attacker into quitting the campaign, Herberger said.

By that measure, Fujitsu's attempt to automate the process by disabling the malicious program on the attacking system itself appears to be unique.

Under Japanese law, the military is restricted from launching cyber-attacks, and this new cyber-weapon is also limited by a law that bans anyone from developing computer viruses. The Defense and Foreign Ministries are reportedly discussing possible legal changes, according to Yomiuri.

"When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes," Graham Cluley, a senior technology consultant at Sophos, wrote on the Naked Security blog. Cluley questioned the ramifications of another application, even if it is a "good virus," running on another person's computer.

However, a Defense Ministry official downplayed the tool's offensive capabilities, telling Yomiuri that the technology was developed for defensive use, such as identifying which terminal within the Japanese Self-Defense Forces was initially targeted.

The Japanese government was hit by several attacks in 2011. Mitsubishi Heavy Industries, the country's largest defense contractor, was infected in September by an information-stealing Trojan that successfully stole sensitive information. A number of computers belonging to several members of Japan's parliament were also compromised by a malicious email over the summer.