Sophos

22 August 2007

Gang of four charged in Chinese joss-stick worm case

"Panda burning incense" worm stole usernames and passwords

IT security and control firm Sophos has warned hackers of the consequences of their criminal activities, following reports that four men have been charged for allegedly creating and spreading an internet worm in China.

Li Jun, Wang Lei, Zhang Shun and Lei Lei are facing charges in a people's court in Hubei Province in connection with the creation and distribution of the Fujacks worm. The worm (also known as Worm.Whboy) made headlines earlier this year because it converts icons of infected programs into a picture of a panda burning joss-sticks as it steals usernames and passwords from online games players.

25-year-old Li Jun is said to have confessed to having written the worm and selling it to 12 clients for more than 100,000 yuan (US$12,500).

Under Chinese law the men could face five years or more in prison if convicted of writing and spreading the malicious software. According to prosecutors, the gang sold the personal information they stole online with Fujacks for thousands of dollars.

Fujacks changes icons of infected programs to a picture of a panda holding joss-sticks

The Fujacks worm changed icons of infected programs to a picture of a panda holding joss-sticks, and stole information from users of the QQ instant messaging program.

"As cybercrime has increasingly evolved into being driven by money, so the authorities are taking a harder line against its perpetrators," said Graham Cluley, senior technology consultant for Sophos. "Criminal hackers should think long and hard about whether the riches they accrue are really worth what could be a long spell in prison."

Earlier this year, Sophos advised computer users to think carefully about how they remedy virus infections, following news that the Chinese police were planning to release a clean-up program written by Li Jun.

"It remains to be seen whether the powers that be in China act more sympathetically to the worm's author as he apparently wrote a program to clean up the infection," continued Cluley. "Our recommendation, however, remains to use legitimate anti-virus software to deal with a malware infestation - not to rely on a tool that may have been written by one of the hackers responsible for the outbreak in the first place."

Sophos experts noted in a report released last year that over half the malware written in China is designed to steal passwords, with much of it aiming to purloin information from online game players.

Last month, Sophos published its Security Threat Report July 2007, examining the latest trends in spam, malware and hacking. Included in the report are details of some of the more notable arrests made by the cybercrime-fighting authorities since the beginning of the year.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
