Sophos


12 February 2007

Suspects arrested in Panda joss-stick virus case

Fujacks worm stole usernames and passwords

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that Chinese authorities have arrested a group of hackers in connection with the Fujacks worm. The worm (also known as Worm.Whboy) made headlines last month because it converts icons of infected programs into a picture of a panda burning joss-sticks as it steals usernames and passwords from online games players.

In the final quarter of 2006 alone, Sophos detected 31,000 different webpages containing versions of the Fujacks malware.

According to Chinese media reports, six men, all in their twenties, have been apprehended. One of those arrested, 25-year-old Li Jun, is believed to use the handle "Whboy" and to be the creator of the Fujacks malware.

Li Jun, who lives in Wuhan, the capital city of Hubei Province in central China, was said in a police statement to have earned more than US $12,500 by selling the malware to other internet hackers. The Chutian Metropolis Daily has claimed that Li was motivated to create the virus after he failed to find an IT job in Guangzhou and Beijing.

"I wanted to find a job with an internet security company, but I failed every time," Li Jun is reported to have told police. "I wrote the program to express my discontent."

Fujacks changes icons of infected programs to a picture of a panda holding joss-sticks, and steals information from users of the QQ instant messaging program.

"The international community should applaud the Chinese authorities for investigating one of their first major cybercrime cases," said Graham Cluley, senior technology consultant for Sophos. "With so much malware and spam being distributed from Chinese computers we can only hope that a strong message will be sent out to other criminals based in the country."

If found guilty of writing and spreading the malware, Li Jun could face a five-year jail sentence.

In January, Sophos published its annual Security Threat Report, which detailed the latest trends in malware around the world, identifying China-based web servers as being second only to the United States for the amount of malware they host. According to Sophos experts, over 30% of all malware is written in China.

Users of Sophos anti-virus products are already protected against the Fujacks worm. Sophos continues to recommend that users exercise caution about what software they run on their computers, don't use an administrator account for day-to-day work, write-protect network shares which contain corporate applications, and run the very latest security software.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
