Security Response

Trojan.Haradong Author and Accomplices Arrested

Created: 24 Jan 2008 08:00:00 GMT • Updated: 23 Jan 2014 18:42:50 GMT
Joji Hamada

The Trojan.Haradong author and his accomplices have been arrested, not for creating the so-called "Harada virus," but for unauthorized use of copyrighted materials. Unfortunately in Japan, there is no law prohibiting people from creating malware. There is a bill that was submitted to the National Diet several years ago but is still in its deliberation process and has yet to be passed. Hopefully, this arrest will raise the priority for legislators to pass a law banning the development and/or use of malware for malicious purposes. The law authorities sure can use the law because at the moment they are having to brainstorm ideas on what charges to arrest these types of criminals on.

Let me first give you some background on Winny, which has been used as a vehicle to spread this malware. Due to the characteristics of malware such as W32.Antinny, Winny and the malware lurking in the file-sharing network have been a widely discussed topic in Japan the last few years. The main characteristic is the capability of leaking files onto the file-sharing network. Once the malware is executed, it searches the computer for files with file extensions such as .doc, .xls, .eml, .ppt, .dbx, .txt, and .pdf, and copies them to a particular folder that is used to share files on the Winny network. Guess what sort of files leaked out onto the file-sharing network? Confidential documents from sources such as a power plant, the police department, the SDF, ISPs, and the list goes on and on. We are still finding out about new leaks almost daily. Once a file leaks out, there is no way to retrieve it. Because of the impact this has had on businesses and the government in Japan, Shinzo Abe, the former Prime Minister and Chief Cabinet Secretary at the time, held a press conference asking Japanese citizens to stop using Winny. Also, in December 2006, Mr. Isamu Kaneko, the developer of Winny, was fined by a Japanese court for assisting in violation of intellectual properties law. This should give you an idea of how hot this topic has been in Japan.

Now let me explain what Trojan.Haradong and its variants do. First of all, the typical Trojan.Haradong has an enticing filename to attract people to download it. Though the file is an executable, the icon is either an icon of a Windows Media Player file or an icon of a folder. When the malware is executed, anime pics/video is displayed on screen criticizing the infected user for misusing P2P software and downloading illegal content. Some variants even overwrite various files in the Windows program folder and files under Documents and Settings\All Users with bitmaps of anime and/or delete files downloaded by the file-sharing applications Winny and Share. One variant even uploads details of the compromised computer to the malware author. I believe it should be illegal to create and/or distribute malware of this kind, but the authorities can only charge them with violating the copyright law.
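The two behaviors described above (documents copied into the shared folder, and executables hidden behind a media or folder icon) can both be checked for by auditing a file-sharing folder by content rather than by appearance. The following Python sketch is an added example, not code from the original post or from Symantec; the function names and sample files are constructed, and the folder to audit is an assumption supplied by the caller.

```python
import os
import tempfile

# File extensions the post lists as collected by the leaking malware.
LEAK_EXTENSIONS = {".doc", ".xls", ".eml", ".ppt", ".dbx", ".txt", ".pdf"}

def is_pe_executable(path):
    """True if the file has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        f.seek(int.from_bytes(head[60:64], "little"))  # e_lfanew field
        return f.read(4) == b"PE\0\0"

def audit_folder(root):
    """Walk a file-sharing folder; report leak-prone documents and Windows executables."""
    found = {"documents": [], "executables": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                if is_pe_executable(path):  # judged by content, not by name or icon
                    found["executables"].append(rel)
                elif os.path.splitext(name)[1].lower() in LEAK_EXTENSIONS:
                    found["documents"].append(rel)
            except OSError:
                continue  # unreadable file: skip it
    return {kind: sorted(paths) for kind, paths in found.items()}

def demo():
    """Run the audit over a constructed sample folder (all files are fabricated)."""
    fake_pe = b"MZ" + b"\0" * 58 + (64).to_bytes(4, "little") + b"PE\0\0"
    samples = {
        "new episode.exe": fake_pe,          # executable with an enticing name
        "budget.XLS": b"constructed sheet",  # leak-prone document
        "notes.txt": b"constructed text",
        "song.mp3": b"ID3 constructed",      # ordinary media, not reported
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return audit_folder(root)

if __name__ == "__main__":
    print(demo())
```
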

This arrest is said to be the first of its kind for creating a virus in Japan, and hopefully more will follow. But it's up to the legislators to make this happen. Incidentally, there was a similar case back in January 2006 when a man was arrested for creating and using spyware to steal bank account details. He was arrested for using a computer to commit fraud and for violating the unauthorized access law. In April of the same year, another man was also arrested for using similar spyware to steal bank account information. According to Symantec's definition, both spyware applications are classified as infostealers, a type of Trojan Horse, which is malware not spyware. So therefore by this definition, I would not consider the "Harada virus" author to be the first to be arrested for creating malware.

For more information about this event, here is an article written by the Asahi Shimbun and here is a past blog about Trojan.Haradong.