Li Jun, arrested in February and charged last month with making approximately US$13,000 selling the worm -- dubbed both "Fujacks" and "Panda Burning Joss Sticks" -- was given a four-year jail term by a court in Xiantao, China. Three other men -- all in their 20s, according to the Deutsche Presse-Agentur (dpa) wire service -- were sentenced to between one year and two and a half years for their part in spreading the worm.
The case opened Monday with prosecutors claiming that Li and the other defendants had caused "huge damage to millions of computer users from November to March," said dpa.
Altogether, the four men raked in just under $27,000 from their sales of Panda, which was written in October 2006 and released the next month. Li received the largest share. Another defendant, Wang Lei, got the second-largest slice: $10,500.
Li also made news after his arrest when police forced him to write a cleansing tool that was supposed to wipe Fujack from infected PCs. Local police said then that they would release the tool, but there has been no confirmation that authorities ever let it loose. Shortly after the news broke, Symantec Corp. researchers analyzed a copy and said it was nearly worthless.
Western security researchers weighed in again on Monday. "Chinese cybercriminals are not just hitting PCs in their own country, but impacting computer users worldwide, so it's encouraging to see the authorities taking action," Graham Cluley, a Sophos Plc senior technology consultant, said in a statement.
Panda's main purpose was to steal online game usernames and passwords, another fact that Cluley noted. "[We] have noted that a surprising proportion of malware written in China is designed to steal credentials from players of MMORPGs (Massively Multi-player Online Role-Playing Games)," he said. "This stolen information provides a revenue stream for unscrupulous hackers who will sell the information on to the highest bidder."