Press Releases

Browse our press release archive

24 Sep 2007

Four years in a Chinese jail for virus writer who created joss-stick worm

"Panda burning incense" worm stole passwords and usernames

IT security and control firm Sophos has warned hackers of the dangers of engaging in cybercrime, following the announcement that a Chinese court has sentenced four men to jail.

The men were found to have been behind the Fujacks worm (also known as Worm.Whboy) which made headlines earlier this year because it converted icons of infected programs into a picture of a panda burning joss-sticks as it stole usernames and passwords from online games players.

25-year old Li Jun, who confessed to having written the worm, and selling it to 12 clients for more than 100,000 yuan (US$12,500), was sentenced to four years in prison by a court in Xiantao in Hubei province, China. Wang Lei, Zhang Shun and Lei Lei were sentenced to between one year and two and a half years in jail for their part in the criminal scheme.

Fujacks changes icons of infected programs to a picture of a panda holding joss-sticks

The Fujacks worm changed icons of infected programs to a picture of a panda holding joss-sticks, and stole information from users of the QQ instant messaging program.

"Chinese cybercriminals are not just hitting PCs in their own country, but impacting computer users worldwide, so it's encouraging to see the authorities taking action against the perpetrators," said Graham Cluley, senior technology consultant for Sophos. "Sophos experts have noted that a surprising proportion of malware written in China is designed to steal credentials from players of MMORPGs (Massively MultiPlayer Online Role-Playing Games). This stolen information provides a revenue stream for unscrupulous hackers who will sell the information on to the highest bidder."

Earlier this year, Sophos advised computer users to think carefully about how they remedy virus infections, following news that the Chinese police were planning to release a clean-up program written by Li Jun.

"Despite the worm's author writing a program to clean up his infestation, it doesn't seem to have gained him much sympathy from the authorities," continued Cluley. "Hackers would be wise not to break the law in the first place if they don't want to suffer from a similar fate."

Sophos experts noted in a report released last year that over half the malware written in China is designed to steal passwords, with much of it aiming to purloin information from online game players.

Earlier this month, the Chinese authorities strongly denied that PLA-sponsored hackers were targeting overseas government networks.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at