Press Releases

Browse our press release archive

14 Feb 2007

Chinese police consider releasing hacker's Panda virus fix

Would you run a virus writer's anti-virus?

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have advised computer users to think carefully about how they remedy virus infections, following news that the Chinese police are to release a clean-up program written by the author of the Fujacks worm.

According to media reports from China, authorities are planning to issue a fix to the Fujacks worm which turns icons into a picture of a panda burning joss-sticks. Controversially, the utility has been written by Li Jun, the suspect author of the virus.

"Hackers and virus writers have shown themselves to be irresponsible and untrustworthy and I certainly wouldn't choose to run their code on my computer," said Graham Cluley, senior technology consultant for Sophos. "Additionally, the Fujacks virus left some infected files unable to run. That hardly suggests that the author took quality assurance seriously when he constructed his malware. Our recommendation to computer users would be to clean their PCs with professional tools written by security experts."

Chinese police arrested Li Jun, and five other people, in connection with the creation and distribution of the Fujacks worm earlier this week. Li Jun was said in a police statement to have earned more than US $12,500 by selling the malware to other internet hackers. Chinese media have claimed that Li was motivated to create the virus after he failed to find a career in the computer security industry.

In the final quarter of 2006 alone, Sophos detected 31,000 different webpages containing versions of the Fujacks malware.

The Fujacks virus changes icons of infected programs to a picture of a panda holding joss-sticks

The Fujacks virus changes icons of infected programs to a picture of a panda holding joss-sticks.

Sophos notes that this isn't the first time that a virus author has tried to write an anti-virus program.

"Malware authors have tried to write anti-virus programs in the past. For instance, Stormbringer of the Phalcon/SKISM virus-writing gang - whose real name was Mike Ellison - wrote a utility to clean-up the SMEG virus, and Mark Washburn who created the V2P6 polymorphic virus also wrote anti-virus software," continued Cluley. "However, the public tends to trust the security researchers who have not been tainted by writing viral code."

Users of Sophos anti-virus products are already protected against the Fujacks worm. Sophos continues to recommend that users exercise caution about what software they run on their computers, don't use an administrator account for day-to-day work, write-protect network shares which contain corporate applications, and run the very latest security software.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at