Top ten viruses and hoaxes reported to Sophos in April 2005

April 29, 2005 Sophos Press Release

Sophos, a world leader in protecting businesses against spam and viruses, has published a report revealing the top ten viruses and hoaxes causing problems for businesses around the world during the month of April 2005.

The report, compiled from Sophos's global network of monitoring stations, shows that Zafi-D, which first appeared at the end of 2004, continues its reign at the top of the list for the fifth month running, accounting for 46.6% of all reports. Only one new threat - Mytob-Z - has managed to break into the chart for April, appearing in seventh place.

The top ten viruses in April 2005 were as follows:

Position Last
month
Malware Percentage of reports
11W32/Zafi-D
   46.6%
22W32/Netsky-P
   20.6%
33W32/Zafi-B
   4.5%
45W32/Netsky-D
   4.5%
56W32/Netsky-Z
   2.5%
67W32/Netsky-B
   2.4%
7NewW32/Mytob-Z
   1.3%
88W32/MyDoom-O
   1.2%
99W32/Netsky-C
   1.1%
1010W32/Netsky-Q
   1.0%
Others14.3%

"Old viruses are still taking advantage of poorly protected computers in April," said Carole Theriault, security consultant at Sophos. "The Zafi family of viruses accounts for over 50.0% of all the viruses reported to Sophos in the last month. Perhaps the success of these worms lies in their ability to spread in multiple languages, catching out unwary users all over the world. Users should not only be suspicious of unsolicited email in any language, they should also be ensuring up-to-date anti-virus protection is in place to thump this virus family on the head."

"Although Mytob-Z only accounts for a small percentage of the top ten reports, it is the only new worm that has managed to break into the stronghold of old threats," continued Theriault. "First sighted in mid-April, Mytob-Z is a nasty piece of work - not only does it spread ferociously, but it plants a backdoor Trojan horse which can be used by remote hackers to gain access and control over a victim's computer. The computer can then be spied upon or used to send spam or launch denial of service attacks."

Sophos analysed and protected against 1146 new viruses in April. The total number of viruses Sophos now protects against is 103,269. Sophos research shows that 2.2%, or one in 46 emails, circulating during the month of April were viral. This figure is slightly lower than last month when 1 in 38 emails were viral.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.

The top ten hoaxes reported to Sophos during April 2005 are as follows:

Position Hoax Percentage of reports
1Hotmail hoax
   22.9%
2Meninas da Playboy
   10.4%
3Bonsai kitten
   7.9%
4A virtual card for you
   5.1%
5Jamie Bulger
   4.4%
6WTC Survivor
   4.2%
7Mobile phone hoax
   3.0%
8Bill Gates fortune
   2.8%
9Budweiser frogs screensaver
   2.6%
10Applebees Gift Certificate
   2.1%
Others34.6%

"While the Hotmail hoax maintains its dominance, there are a couple of re-entries to the chart this month," said Theriault. "The mobile phone hoax, first seen in 2000, spreads via email. It is designed to dupe people into believing that answering a call where caller information is unavailable will render the mobile unusable. As ever, this hoax is nonsense, and the best response for computer users is simply to delete these messages."

Sophos has made available a free, constantly updated information feed for intranets and websites which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are available here.

More information about safe computing, including anti-hoax policies.