The majority of malware written in China focuses on stealing gamers' user names and passwords for a growing underground ready to shell out cash to appear to be better players.

Sharon Gaudin, Contributor

August 22, 2007

2 Min Read

With four hackers being charged in China for creating and spreading the Fujacks worm, researchers say it shines a light on the growing number of cybercriminals going after the gaming community.

Li Jun, Wang Lei, Zhang Shun, and Lei Lei reportedly are facing charges in a people's court in Hubei Province in connection with the creation and distribution of the Fujacks worm, according to Sophos. Li Jun, 25, allegedly confessed to writing the worm and selling it to a dozen clients for $12,500 U.S.

Under Chinese law, the men could face five years or more in prison if convicted of writing and spreading the malicious software, Sophos researchers noted.

The worm, which also is known as Whboy, grabbed a lot of attention early this year with its tactic of converting icons of infected programs into a picture of a panda burning joss sticks as it steals user names and passwords from online game players. Joss sticks, according to Wikipedia, are incense sticks usually burned before a Chinese religious symbol or shrine.

Graham Cluley, senior technology consultant for Sophos, said in an interview that Chinese authorities rated the Fujacks worm a five-star risk, the country's highest security rating for malware. He added that the malicious code was embedded in about 3,500 Web sites, infecting visitors' machines.

Malware authors in China are increasingly writing code that will steal gamers' user names and passwords. Half of the world's 8 million online gamers come from China, according to Symantec's Internet Security Threat Report. With that much gaming activity going on, it's creating not just a target for hackers looking for a little fun, it's also creating a market for people to buy the identities of successful gamers.

Hackers specifically are going after the identities of people who are high scorers in games like World of Warcraft and Lineage. However, Cluley also points out that any gamer's user name and password is potentially valuable because about 40% of people use the same ones for everything from online games to their online bank accounts, PayPal accounts, and corporate logons.

"They'll steal your password and then they'll steal your personal goods or even apply for a loan in your name," said Cluley. "If they have that password, they might be able to sell it to other less-skilled gamers who want to appear to be better players, or they may very well have your banking password or your PayPal information."

About the Author(s)

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights