Fujacks hype incenses analysts

Posted by   Virus Bulletin on   Jan 19, 2007

Chinese reports of 'major threat' thought unlikely.

Reports in the Chinese Shanghai Daily of a 'five-star cyber worm' which could be 'one of the most devastating cyber worms ever to attack Chinese-language programs' have been dismissed as hype by several security vendors.

The original report, which refers to the virus as 'worm.whboy', quotes estimated infection figures in the millions worldwide, involving the infection of over 1,000 firms including many multinationals. It also says that the worm exploits browser flaws to access machines, and then infects files, turning file icons into 'images of pandas with burning joss sticks'.

Further details from security firms have identified the malware as one of several variants of W32/Fujacks, which has been seen in worm form and as a file-infector infecting network shares with weak passwords (some variants include a stash of likely passwords to try). Some variants also infect HTML files with downloader code. However, reports of infections have been fairly low and no major outbreak appears likely, especially with the icon used leaving a clear mark of infection and a propensity to damage infected files rendering many victim machines inactive.

The original Shanghai Daily report is here, while commentary from McAfee's Avert Labs (here) and Sophos (here) both include pictures of the (rather cute) incense-burning panda icon.

Posted on 19 January 2007 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.