A Hollywood Ending to the Great Panda Virus Caper

Posted on September 26, 2007
Filed Under China Hackers, China Internet, China Law, Malware, Security

The Caper
In January of 2007 Kaspersky Labs received reports of a new and nasty virus in China that changed icons into pandas and stole IDs and passwords for online games and the QQ IM service. The virus was so terrible that the Shanghai Information Technology Service Center was driven to issue its first-ever five-star severity rating. One million computers were affected, with unknown consequences for the online population.

The Arrest
On March 15 police in the city of Wuhan, in Hubei Province, arrested Mr. Li Jun, 25, and his three (later four) young accomplices for creating and selling the infamous “panda burning joss sticks” virus. Mr. Li stated that they had made over RMB200,000 by selling it to twelve customers.

The Virus
Kaspersky had seen similar viruses in China before. It had been developed from the Viking virus, first seen in 2005. By September of 2006 they had cataloged thirty more variants. It spread quickly, infecting tens of thousands of Chinese websites. In February of 2007 a new, even more virulent strain emerged. It was distinct enough to merit its own variant name: fujacks. Its vector was network shares; huge university networks provided an excellent incubation environment, and it and its variants were spread by multiple people. Kaspersky believes that China provides a unique ecosystem that allowed this particular virus to flourish. It could happen only in China.

Mr. Li did attempt to cooperate with the authorities by writing a second virus to remove the first virus. Kaspersky notes that he was unsuccessful.

In August Mr. Li and his confederates were arraigned on charges of damaging internet information systems in the People’s Court of Xiantao City. They were charged under China’s Criminal Law. It mandates a five-year sentence for anyone “who writes or spreads malicious software and causes huge losses”. Seven more hackers were detained for spreading the virus.

This was not Mr. Li’s first virus. He and one of the other men, surnamed Lei, had created a previous virus to steal QQ IM accounts.

The Trial
Mr. Li was tried on or about September 23rd. During the trial he explained that from December of 2006 until February of 2007 he earned approximately RMB145,000 from selling the virus. He charged RMB3,000 for every copy sold. No explanation was given for the discrepancy between the initial reports and the trial testimony. Kaspersky’s analysis was not entered as evidence.

In his confession, Mr. Li explained that he created the virus after an information security company rejected his job application.

He was sentenced to four years in jail, with the other men’s sentences lasting from one year to thirty months.

The Happy Ending
The Jushu Technology Company of Hangzhou, Zhejiang Province, was one of the virus’ many victims. However, Dong Zhenguo, the general manager, told the Changjiang Times of Hubei that he would like to hire Mr. Li as technical director. As despicable as Mr. Li’s virus was, Mr. Dong thinks that Mr. Li is probably a good man who was driven to extremes.

Mr. Li’s lawyer, Wang Wanxiong, couldn’t agree more. Mr. Wang was quoted saying that Mr. Li is a “precious genius” and that ten other firms across China had offered him jobs.

They’ll have to dig deep: Mr. Dong is offering an RMB1,000,000 annual salary. No word on whether the Hubei prisons have a work release program.

Further Reading
Shanghai Daily on the arraignment
Shanghai Daily on the sentencing
Shanghai Daily on the happy ending
Kaspersky Labs on the virus
The Jushu Technology Company
