Posted by Virus Bulletin on Jan 19, 2007
Chinese reports of 'major threat' thought unlikely.
Reports in the Chinese Shanghai Daily of a 'five-star cyber worm' which could be 'one of the most devastating cyber worms ever to attack Chinese-language programs' have been dismissed as hype by several security vendors.
The original report, which refers to the virus as 'worm.whboy', quotes estimated infection figures in the millions worldwide, involving the infection of over 1,000 firms including many multinationals. It also says that the worm exploits browser flaws to access machines, and then infects files, turning file icons into 'images of pandas with burning joss sticks'.
Further details from security firms have identified the malware as one of several variants of W32/Fujacks, which has been seen in worm form and as a file-infector infecting network shares with weak passwords (some variants include a stash of likely passwords to try). Some variants also infect HTML files with downloader code. However, reports of infections have been fairly low and no major outbreak appears likely, especially with the icon used leaving a clear mark of infection and a propensity to damage infected files rendering many victim machines inactive.
The original Shanghai Daily report is here, while commentary from McAfee's Avert Labs (here) and Sophos (here) both include pictures of the (rather cute) incense-burning panda icon.
Posted on 19 January 2007 by Virus Bulletin
