Asian news outlets reported this week that a “devastating cyberworm” affected “several million” users in China, but today some Western security experts questioned the accuracy of those reports.
The Shanghai Daily newspaper wrote that the malware in question, which it referred to as "worm.whboy," attacks Chinese-language Windows systems through infected websites. A telltale sign of infection is the replacement of .exe files by the worm and the transformation of their icons into images of pandas with burning joss sticks, the article said.
It quoted an official with a Chinese web security firm who said that "several million" users were potentially affected.
While security experts outside China don't dispute that such a worm exists — it is more commonly referred to as Fujacks — they have expressed reservations about the reports.
Fujacks does in fact act as a parasitic worm, replacing .exe files with more copies of the malware and the trademark panda image that goes along with it. But it isn't limited just to Chinese-language Windows systems, said officials from Sophos.
In spite of this, security experts at the company believe that reported infection rates are grossly exaggerated.
"We have had one or two reports of infected PCs from Asia, but there is no evidence of any sort of 'devastating' outbreak – at least amongst business users – as suggested elsewhere," said Graham Cluley, senior technology consultant for Sophos.
Cluley said that because of the nature of Fujacks' infection, it doesn't lend itself to a widespread infection.
"The virus leaves some infected files unable to work as usual, and infected computers are likely to be unusable until they are disinfected. This makes infection rather obvious," he said. "Despite its LAN-crawling ability, Fujacks is unlikely to go unnoticed as it spreads, which seems to mitigate against any sort of pandemic."
Click here to email West Coast Bureau Chief Ericka Chickowski.