IT security and control firm Sophos has warned hackers of the
consequences of their criminal activities, following reports that four men have
been charged for allegedly creating and spreading an internet worm
in China.
Li Jun, Wang Lei, Zhang Shun and Lei Lei are facing charges in a
people's court in Hubei Province in connection with the creation
and distribution of the Fujacks worm.
The worm (also known as Worm.Whboy) made headlines earlier this
year because it converts icons of infected programs into a picture
of a panda burning joss-sticks as it steals usernames and passwords
from online games players.
25-year old Li Jun is said to have confessed to having written
the worm, and selling it to 12 clients for more than 100,000 yuan
(US$12,500).
Under Chinese law the men could face five years or more in
prison if convicted or writing and spreading the malicious
software. According to prosecutors, the gang sold the personal
information they stole online with Fujacks for thousands of
dollars.
The Fujacks worm changed icons of infected
programs to a picture of a panda holding joss-sticks, and stole
information from users of the QQ instant messaging
program.
"As cybercrime has increasingly evolved into being driven by
money, so the authorities are taking a harder line against its
perpetrators," said Graham Cluley, senior
technology consultant for Sophos. "Criminal hackers should think
long and hard about whether the riches they accrue are really worth
what could be a long spell in prison."
Earlier this year, Sophos advised
computer users to think carefully about how they remedy virus
infections, following news that the Chinese police were planning to
release a clean-up program written by Li Jun.
"It remains to be seen whether the-powers-that-be in China act
more sympathetically to the worm's author as he apparently wrote a
program to clean-up the infection," continued Cluley. "Our
recommendation, however, remains to use legitimate anti-virus
software to deal with a malware infestation - not to rely on a tool
that may have been written by one of the hackers responsible for
the outbreak in the first place."
Sophos experts noted in a report released last year that over
half the malware written in China is designed to
steal passwords, with much of it aiming to purloin information
from online game players.
Last month, Sophos published
its Security Threat Report July 2007, examining the latest trends
in spam, malware and hacking. Included in the report are details of
some of the more notable arrests made by the cybercrime-fighting
authorities since the beginning of the year.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.