Virus spreads data, scandal over Winny

By Carl Freire

updated 9:31 p.m. ET June 12, 2006

TOKYO - A computer virus that targets the popular file-sharing program Winny isn't the most destructive bug or even the most widespread. But it's the most talked about in Japan as it generates headline after headline, month after month.

The malware, called Antinny, finds random files on Winny users' PCs and makes them available on the file-sharing network. So far, the data leaked have been varied and plentiful: passwords for restricted areas at airports, police investigations, customer information, sales reports, staff lists.

The constantly updated virus seems to have spared no one — airlines, local police forces, mobile phone companies, the National Defense Agency. Even an antivirus software manufacturer has suffered.

"The virus has been quite effective in getting information off a user's computer and onto the Internet. The data is supposed to be secret, so people are quite sensitive about it," said Tsukuba University computer scientist Kazuhiko Kato.

Compared to attacks on Microsoft Corp.'s Windows software, the scope of the Antinny outbreak is narrow. But the Winny mess has caused an enormous brouhaha in Japan.

Antinny also may have the dubious distinction of being the first virus to exploit the nature of file-sharing itself — in Japan, if not in the world, said Mamoru Saito of Telecom Information Sharing and Analysis Center Japan. Other viruses and spyware are often found on such networks, though none appears to take advantage of the underlying technology to spread personal data.

And while Antinny's writers seem to be limiting themselves to Japanese file-sharing software for now, he said, the code theoretically could be modified to attack other file-sharing networks such as Gnutella and BitTorrent.

The outbreak has triggered a broad damage-control effort by government and businesses. They have banned Winny from in-house computers and fired employees who use it on them. They've also demanded that staff not take work home and delete Winny from any home PCs used for work.

"The most secure way to prevent the leakage of information is not to use Winny on your computer," Chief Cabinet Secretary Shinzo Abe, the government's top spokesman, told reporters.

MORE FROM SECURITY

Security Section Front

Web site design flaws make banking riskier Facebook redesign to weed out toxic spam The end of human customer service? EU warns against buying ring tones online Engineer accused of network tampering Man gets prison time for spamming AOL FCC chief says Comcast violated Internet rules Lawmakers to probe 'adware' practices Red Tape: Thwarting thieves with ... magic? 'Public' online spaces don't carry speech, rights Security Section Front   Add Security headlines to your news reader: