Sophos : China strikes spyware gang of four with hefty jail sentences
March 2008 by Marc Jacob
Sophos is warning hackers of the consequences of cybercrime, following the announcement that a Chinese court has handed out severe jail sentences to four men who used a Trojan horse to steal bank account information from unsuspecting computer users.
According to media reports, in one month the men stole more than 100,000 yuan (more than GBP 7,000) from internet bank accounts after distributing a spyware Trojan horse.
Shanghai’s Intermediate People’s court sentenced Chen Feng, Yu Li and Zhang Wei to prison for between six and a half to eight years, after finding them guilty of larceny. The men were also fined between 40,000 and 60,000 yuan. A fellow conspirator, Zhao Gang, who drew money out of cash machines, was sentenced to 30 months in prison for hiding illegal income.
The court heard that the men discussed stealing identities by breaking into online bank accounts with malware in early 2007. In just over a month they stole 127,800 yuan (GBP 9,000) from the bank accounts of three victims, transferring the money into an account set up by Yu Li, before withdrawing cash at different ATMs.
"Hackers need to think long and hard about whether it’s worth the risk before embarking on their life of crime. An eight year jail sentence is one of the toughest we have ever seen in connection with malware. Spending time in a Chinese jail for such a small reward seems an enormously dangerous gamble for cybercriminals to make," said Graham Cluley, senior technology consultant for Sophos. "Sadly we are seeing more and more malware emerging from China, much of it designed to steal information from unsuspecting computer users. The advice for consumers and businesses remains to secure their computers with tight defences."
Sophos recently published its Security Threat Report 2008, which revealed that over half of the world’s web-based malware is hosted on webpages based in China.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.