Vigilante alert

This week, the question was raised whether courts worldwide are giving consistent sentences to hackers.

This follows the news that a Japanese man had escaped jail, despite admitting writing a virus that wiped music and movie files on innocent users' computers, explains Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

Masato Nakatsuji (24), who was revealed to be the first virus writer to be arrested in Japan, admitted writing the malware, which displayed images of popular TV anime characters while destroying data on third-party computers.

"The malicious code was spread via the controversial Winny file-sharing system in Japan last year," he says.

While Nakatsuji was found guilty, the sentence was suspended for three years and he will not have to serve any time in prison, Myroff explains.

"Nakatsuji was found guilty of copyright infringement rather than for the damage his movie and music-munching malware caused. One has to wonder whether, if he had been apprehended in another country, he would have been charged with a more conventional cyber-crime and might have got a more serious sentence," says Myroff.

While Nakatsuji claimed his malware was an attempt to punish people who downloaded copyrighted material from peer-to-peer file-sharing networks, Sophos believes it is wrong for Internet users to take the law into their own hands.

"There are enough cyber-criminals out there causing harm and stealing money and identities with malicious code - the last thing we need are vigilantes entering the mix, writing malware to try and put right what they believe to be wrong," says Myroff.

"Businesses are increasingly looking to control users' access to P2P file-sharing software - not just because they can eat up bandwidth or infringe copyright laws, but also because they can present a security risk to your corporate data," he explains.

Application control, Myroff adds, can allow system administrators to set a policy as to which applications users are allowed to run.

This week's line-up of low to medium prevalence Trojans includes the Troj/BHO-FN and Troj/FakeAle-BK, aka Trojan-Downloader.Win32.FraudLoad.adt, says Myroff.

"Troj/PSWSys-Gen, another Trojan for the Windows platform, is a kernel driver that attempts to record keystrokes silently," he says.

According to Myroff, Troj/NtRootK-DJ has also been detected, and is a rootkit Trojan for the Windows platform.

Troj/Bckdr-QNO, also affecting Windows users, installs itself in the registry. It includes functionality to access the Internet and communicate with a remote server via HTTP, he says.

Besides the usual spate of Trojans emerging, the W32/Autorun-EE worm was also noted as well as Mal/EncPk-DX, a program packed with a protection system typically used by malware authors and displays malicious behaviour, he concludes.