Experts at Sophos have advised computer users to think carefully about how they remedy virus infections, following news that the Chinese police are to release a clean-up program written by the author of the Fujacks worm.
According to Chinese media reports, authorities are planning to issue a fix for the Fujacks worm, which turns icons into a picture of a panda burning joss-sticks. Controversially, the remedial program has been written by Li Jun, the suspected author of the virus.
“Hackers and virus writers have shown themselves to be irresponsible and untrustworthy and I certainly wouldn’t choose to run their code on my computer,” said Graham Cluley, senior technology consultant for Sophos. “Additionally, the Fujacks virus left some infected files unable to run. That hardly suggests that the author took quality assurance seriously when he constructed his malware. Our recommendation to computer users would be to clean their PCs with professional tools written by security experts.”
Chinese police arrested Li Jun, and five other people, in connection with the creation and distribution of the Fujacks worm earlier this week. Li Jun was said in a police statement to have earned more than US $12,500 by selling the malware to other internet hackers. Chinese media have claimed that Li was motivated to create the virus after he failed to find a career in the computer security industry.
In the final quarter of 2006 alone, Sophos detected 31,000 different webpages containing versions of the Fujacks malware.
Sophos notes that this isn’t the first time that a virus author has tried to write an anti-virus program.
“Malware authors have tried to write anti-virus programs in the past. For instance, Stormbringer of the Phalcon/SKISM virus-writing gang – whose real name was Mike Ellison – wrote a program to clean-up the SMEG virus, and Mark Washburn who created the V2P6 polymorphic virus also wrote anti-virus software,” continued Cluley. “However, the public tends to trust the security researchers who have not been tainted by writing viral code.”