Updated 1/4/2012 3:48:41 PM ET

The Japanese Defense Ministry is nearing completion of a "seek-and-destroy" computer virus capable of disabling cyberattacks at the source.

Although reports portray it as a purely defensive weapon, security experts fear the implications of such a tool falling into the wrong hands.

"They [the developers] would never say, 'We're building a bigger bomb to hit you with,' but the reality is, building [a virus] with self-replicating code is going to be extremely useful in the near future for hitting you with," Dave Aitel, CEO of Miami-based Immunity Inc., told SecurityNewsDaily.

The three-year, $2.3 million project, reported in detail yesterday (Jan. 3) in The Yomiuri Shimbun, a Japanese news site, aims to build a virus that can "identify not only the immediate source of attack, but also all 'springboard' computers used to transmit the virus." After identifying the attack, the new virus will disable the attacking program and collect information about it, the article said.

Aitel, a former NSA computer scientist, said the project "makes very little sense and from a technical standpoint accomplishes limited goals." Careful to avoid the "cyberwar" hype, Aitel cited the $2.3 million figure as "not even toilet paper money" for a government project — the defense ministry is outsourcing the project to a private company, Fujitsu Ltd. Even with its scope, Aitel said the virus, eventually, could be a highly coveted offensive weapon.

Graham Cluley, senior technology consultant for the security firm Sophos, agrees, and says not only is Japan's new virus unnecessary, its side effects could be disastrous.

"When you're trying to gather digital forensic evidence as to what has broken into your network, and what data it may have stolen, it's probably not wise to let loose a program that starts to trample over your hard drives, making changes," Cluley wrote in a blog post.

The side effects — drained memory, increased computing power, wasted time and money and the possibility that even a "good" virus could spread unexpectedly — are reasons why the program could backfire against its creators, Cluley said.

Rik Ferguson, a researcher for the security firm Trend Micro, said launching a virus designed to hunt down an attack could end up having the exact opposite effect.

"If it's designed to spread autonomously, then system owners will have no opportunity to test whether its supposedly altruistic activities will have any negative impact on a running system," Ferguson wrote. "It will also consume bandwidth, disk space, memory and processor cycles, all adding to the load, just as a malicious worm does, effectively creating a Denial of Service condition."

"Finally," he added, "it really wouldn't take much effort for criminal groups to take these white-hat tools and modify them for more malicious use, blurring the line even more between the 'good' and the bad and putting professional grade carrier mechanisms in the hands of criminals."

© 2012 SecurityNewsDaily. All rights reserved

