There have been other incidents of malware used to protect against piracy or potentially spy on individuals, said Dan Ring, director of global communications at Sophos. The most notorious may be the Sony rootkit, which was embedded into millions of music CDs in 2005. It was first detected by an independent researcher. The rootkit was automatically installed when a CD was inserted into a computer, to prevent the PC from copying music. Sony BMG eventually settled lawsuits, agreeing to pay out millions to those impacted.
In Germany, the country's federal crime investigation agency was suspected to be behind the R2D2 malware installed on a person's machine as it passed through customs control at Munich Airport.
Sophos doesn't approve of whitelisting malware in its products, Ring said. Malware initially works for a period until a researcher detects it or antivirus detects it by picking up anomalous activity on a system, Ring said. "That said, as AVs don't detect 100 percent of malware, there is no guarantee that it will get detected," he said. "Targeted attacks can be evasive."
Investigators may have other ways to get software makers to open up. The FBI has reportedly been attempting to expand the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that currently forces telecommunications firms to enable lawful wiretapping. The goal is to get the law to apply to eavesdropping on communications at Facebook, Microsoft and other firms by forcing software developers to build back-door access into their systems. But security experts point out that back doors open up weaknesses in software that can be used by cybercriminals.