Suspects arrested in panda joss-stick virus case

Sophos has welcomed the news that Chinese authorities have arrested a group of hackers in connection with the Fujacks worm. The worm, also known as Whboy, made headlines in January 2007 because it converts icons of infected programs into a picture of a panda burning joss-sticks as it steals usernames and passwords from online games players. In the final quarter of 2006 alone, Sophos detected 31,000 webpages containing versions of the Fujacks malware.

According to Chinese media reports, eight suspects have been held in Wuhan, the capital city of Hubei Province in central China. One of those arrested, 25-year-old Li Jun, is believed to use the handle “Whboy” and to be the creator of the Fujacks malware. According to a police statement, Li Jun earned more than US $12,500 by selling the malware to other internet hackers.

In January Sophos published its annual Security Threat Report, which detailed the latest trends in malware around the world, identifying China-based web servers as being second only to the United States for the amount of malware they host. In total, 30 percent of the world’s malware originates in China and half of this attempts to steal usernames and passwords, giving cyber criminals easy access to personal and sensitive data for financial gain and identity theft.

“The international community should applaud the Chinese authorities for investigating one of their first major cybercrime cases,” said Graham Cluley senior technology consultant for Sophos. “With so much malware and spam being distributed from Chinese computers we can only hope that a strong message will be sent out to other criminals based in the country.”