Fujacks writer's removal tool slated

Posted by   Virus Bulletin on   Mar 30, 2007

Virus creator's anti-virus not up to scratch, says Symantec.

A cleanup tool created by the writer of the Fujacks virus, also known as the 'Panda burning incense' virus in reference to the icon used by infected files, has been criticised by researchers at Symantec as ineffective at removing the man's own creations.

Fujacks gained much press coverage after Chinese press hyped its virulence and effectiveness, although spreading has been limited, thanks in part to the clear evidence of infection provided by the unusual icon. The removal tool was released after the man, 25-year-old Jun Li of Wuhan province, was arrested in a groundbreaking case for the Chinese police. Included with the tool is an apology from the virus writer, and a warning to computer users to maintain good security regimes.

'It seems pretty obvious that a virus writer isn't going to have the necessary skills and knowledge to create a decent removal tool,' said John Hawes, Technical Consultant at Virus Bulletin. 'Users shouldn't trust amateurs to clean and protect their machines, quality anti-malware and other security software is a must for anyone wanting to keep their machines and data safe in the modern online environment.'

When analysed and tested by researchers at Symantec, the tool was found to be entirely useless at removing several variants of the virus, and only partially effective against others, leaving behind doctored registry keys and infected files. A blog posting on the study can be found at Symantec, here, while more detailed analysis of Fujacks itself can be found, in PDF format, here.

Posted on 30 March 2007 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.