At least eight people suspected of creating the Panda virus have been arrested in China. They include 25-year-old Li Jun, believed to be “WhBoy”, the infamous nickname that is embedded in most variants of W32/Fujacks.
Geok Meng Ong, writing on the McAfee Avert Labs blog, says the security company has been monitoring cyber criminal trends in Asia over the last two years.
Profit-motivated multi-vector attacks – including password stealers and related trojans – showed a massive spike in the third and fourth quarters last year, a trend that is expected to continue in 2007.
However, writes Ong, it's not just the numbers that are worrying, but the increasing sophistication of Asian malware threats.
"Both W32/HLLP.Philis and W32/Fujacks are more than the usual file infectors. These are multi-vector threats, usually including an aggressive downloader that updates itself frequently, can infect both executable and non-executable files over insecure media such as open network shares and USB drives, thus slipping through the cracks of loosely managed IT policies.
"Once successful, trusted media files can be further infected with malicious code or hyperlinks through PE file infection, web-based exploits over HTML or media files targeted against unpatched and vulnerable applications," writes Ong.
"This approach of attacks on multiple system and user vulnerabilities at multiple layers dramatically increases the criminal opportunities for these malware authors. Indeed, we have seen a comparable rise in number of associated password-stealer variants reported – a considerable source of revenue for the worm seeders."
China's poor record of law enforcement in cyber crime may have exacerbated the trend, but yesterday's arrests will be seen as a positive move.