Sophos

Talk to our experts

Find your local press contact

Resources

Info feeds

What are info feeds?

3 December 2007

Three year old worm accounts for almost a quarter of email-borne malware, reports Sophos Rise of old-timer indicates too many users failing to protect their systems

IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during November 2007.

The study, compiled by Sophos's global network of monitoring stations, has shown that old-timer, Traxg, has leapt to number two in the chart, accounting for nearly 25 percent of all recorded email-borne malware in November, despite first being detected more than three years ago in October 2004. Pushdo once again topped the chart in November, in a month that has seen the malware author continue to release a number of variants, including the latest offering - a naked video of Britney Spears - in an attempt to entice and dupe unwary users.

Top ten email-based malware threats

The top ten list of email-based malware threats in November 2007 reads as follows:

Position Last
month		 Malware Percentage of reports
11Troj/Pushdo
   29.3%
2NewW32/Traxg
   23.6%
32W32/Netsky
   17.8%
4newMal/Dropper
   5.4%
54W32/Zafi
   5.0%
65W32/Mytob
   4.8%
7re-entryW32/Flcss
   3.3%
88W32/MyDoom
   2.9%
9re-entryW32/Strati
   2.8%
10re-entryW32/Bagle
   1.0%
Others4.1%

"Traxg hurtling into second position this month has come as a complete surprise, and the fact that unsophisticated worms are still slipping through the net at such a rate of knots is a clear indication that huge numbers of users, and potentially companies, are failing to install even basic anti-virus protection," said Graham Cluley, senior technology consultant at Sophos. "In first place, Pushdo continues to wreak havoc. A clear reason for its ongoing success is the guilty cybercriminal's ability to quickly create different variants, which are being spread voraciously in a range of spam messages. Each new piece of spam that harbours the trojan has been created to tempt users, and whether it's enticing them to watch videos of Britney or view naked pictures of Angelina, this fraudster's tactics are certainly working."

Overall in November, 0.1 percent of emails were carrying malicious email attachments, or one in every 1,000. Meanwhile, web attacks have risen this month, with Sophos detecting 7,500 new infected webpages every day, an increase of more than a third when compared to the same period in October.

Top ten web-based malware threats

The top ten list of web-based malware threats in November 2007 reads as follows:

Position Last
month		 Malware Percentage of reports
11Mal/IFrame
   69.6%
23Mal/ObfJS
   11.6%
32Troj/Unif
   3.7%
45Troj/Decdec
   2.3%
54Troj/Fujif
   1.2%
6NewW32/Feebs
   1.0%
7=7Mal/Packer
   0.7%
7=NewTroj/Unsc
   0.7%
9re-entryMal/Behav
   0.6%
10re-entryMal/FunDF
   0.5%
Others8.1%

Mal/Iframe once again topped the chart this month, accounting for more than two thirds of all infected web pages found in November, with Mal/ObfJS also maintaining its position in second place. Elsewhere in the chart, Unsc, a Trojan that attempts to download malicious code from the web, has made a first appearance at number seven. Meanwhile, webpages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more than 50 percent of this month's infected webpages.

Top ten countries hosting malware on the web

The top ten list of countries hosting malware-infected webpages in November 2007 reads as follows:

Position Last
month		 Country Percentage of reports
11China (inc. HK)
   55.2%
23United States
   19.7%
33Russia
   11.4%
44Ukraine
   2.0%
59Germany
   1.6%
6NewTurkey
   1.4%
76Canada
   0.8%
8=7United Kingdom
   0.7%
8=Re-entryPoland
   0.7%
10NewFrance
   0.6%
Others5.9%

"The big three - China, the US and Russia- continue to dominate the chart, accounting for more than 85 percent of all infected webpages world-wide," continued Cluley. "Despite this, the fluctuation in the rest of the chart, highlighted by the four new entries this month, shows that this is very much a global problem. To stop it turning into a major pandemic, web hosts throughout the world would be well advised to clean up their sites and quash the hackers by installing web security protection."

Top ten hoaxes and scams

The top ten list of email hoaxes and scams in November 2007 reads as follows:

Position Hoax Percentage of reports
1Olympic torch
   10.1%
2=Hotmail hoax
   5.8%
2=A virtual card for you
   5.8%
4Parcel Delivery Service scam
   4.8%
5A Vida é Bela
   3.4%
6MSN is closing down
   2.3%
7=Welcome to the Matrix
   2.2%
7=Bum_tnoo7 Facebook hacker
   2.2%
9Bill Gates fortune
   2.1%
10Applebees Gift Certificate
   1.7%
Others59.6%

Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also: