Topic: W32/Fujacks: Panda Malware Breeders Arrested

[Amker]

Xinhua News Agency reported the arrest of several suspects believed to have been behind the creation and propagation of the W32/Fujacks file infector worm a.k.a infected files with the Panda icon.
In the article, the official Chinese media cited an announcement from the Public Security Department of the Hubei Province naming 8 suspects including a 25-year old believed to be “WhBoy”, the infamous nickname that is embedded in most variants of W32/Fujacks.
Throughout 2006 and continuing into 2007, McAfee Avert Labs has been closely monitoring the trends of cyber criminal activities in Asia. W32/Fujacks, amongst other profit-motivated multi-vector attacks, spiked in 2006 and looks to be a trend that will continue in 2007.
Between Q3 and Q4 2006, we saw a spike in the number of reported variants of Asian password-stealers and related trojans and file infectors. We blogged about this phenomenon with W32/HLLP.Philis variants in November 2006. What is really beyond these raw figures however is the increasing sophistication of Asian malware threats.
Both W32/HLLP.Philis and W32/Fujacks are more than the usual file infectors. These are multi-vector threats, usually including an aggressive downloader that updates itself frequently, can infect both executable and non-executable files over insecure media such as open network shares and USB drives, thus slipping through the cracks of loosely managed IT policies. Once successful, trusted media files can be further infected with malicious code or hyperlinks through PE file infection, web-based exploits over HTML or media files targeted against unpatched and vulnerable applications.

This approach of attacks on multiple system and user vulnerabilities at multiple layers dramatically increases the criminal opportunities for these malware authors. Indeed, we have seen a comparable rise in number of associated password-stealer variants reported - a considerable source of revenue for the worm seeders.

The lack of law enforcement in China in cyber crime has often been attributed for the rise in malware threats propagating from this region. It is encouraging to see the start of what appears to be the end of the first major case of cyber crime in China with these arrests. At the same time, enterprises need to consistently review and tighten up their current IT strategies to protect against the sophisticated attacks of today.