Symantec(赛门铁克)公布李俊版熊猫烧香专杀工具测试结果

wangjay1980

2007-3-28，著名安全厂商Symantec(赛门铁克)公司在官方博客上公布了李俊版熊猫烧香专杀工具测试结果，结果显示，熊猫烧香作者李俊编写的熊猫烧香专杀工具不能有效的清除病毒。

以下是熊猫烧香作者李俊编写的熊猫烧香专杀工具对"熊猫烧香"各变种能否检测清除的 测试结果：

熊猫烧香病毒变种:	测试结果:
W32.Fujacks.A	无效
W32.Fujacks.AF	无效
W32.Fujacks.AW	无效
W32.Fujacks.B	部分有效
W32.Fujacks.C	部分有效
W32.Fujacks.D	部分有效
W32.Fujacks.E	部分有效
W32.Fujacks.L	部分有效

原文如下：http://www.symantec.com/enterprise/security_response/weblog/2007/03/fujacks_worm_creators_fixtool.html
Fujacks fixtool fixes "jack"Following the arrest of Jun Li (creator of the W32.Fujacks or "Panda" worm) by the Hubei Police on February 3rd, the police promised to make an example of the virus author. To that end, the police announced in early February that they were going to have the virus creator write a program to remove this virus and repair the damage done by it.
On March 27th we obtained a copy of the removal tool created by Li. Naturally we were curious about the effectiveness of the tool against the variants of the threat that were found in the wild.
When the tool is executed, the user is presented with a message from Li himself:

The message contains an apology and an explanation that he created the worm for research. He ends with a warning to beware of future threats (from others), and to take the necessary precautions. Li also acknowledges that his tool may not work as well as professional tools provided by security vendors.
To find out how good (or bad) the tool is, we ran a battery of tests against samples we had and the results made for a sobering read:

Variant:	Efficacy:
W32.Fujacks.A	Not effective
W32.Fujacks.AF	Not effective
W32.Fujacks.AW	Not effective
W32.Fujacks.B	Partially effective
W32.Fujacks.C	Partially effective
W32.Fujacks.D	Partially effective
W32.Fujacks.E	Partially effective
W32.Fujacks.L	Partially effective

Note:
"Partially effective" means that the tool managed to remove some of the system changes made by Fujacks, but many still remained. For example, in many of the tests the tool left behind registry keys created by the worm and failed to clean files that were infected by Fujacks.
What we can tell from our tests is that this removal tool is not effective against most of the samples we have tested against and isn't fully effective against any of them. For Li, perhaps he may have learned the hard way that this sort of activity does not pay. He has found out, to his cost, that it is much easier to write a program to cause destruction than it is to repair the damage.
Update:
We have published a whitepaper by Robert X Wang called The Panda Outlaw: W32.Fujacks. This paper discusses the authors of the worm, their motivations, the technical details, and the subsequent events since the release of the worm.

剑指七星

已经不错了   
人家好歹是在号子里面编写的

zhaonimm

这个  毕竟是自己作的  现在的变种是在是厉害啊  
原作者都没办法........
一旦病毒被破解

变种满天飞啊

gaue

創毒容易解毒難

sharkvv

可恶的熊猫烧香``

浪客

那个公安局的官网说还未正式公布，当初这个是流出的还是另有人编的

shincon

公安局说话不算话

hhj9920

呵呵 没中过熊猫烧香