Top ten viruses and hoaxes reported to Sophos in May 2005

June 01, 2005 Sophos Press Release

Sophos, a world leader in protecting businesses against spam and viruses, has published a report revealing the top ten viruses and hoaxes causing problems for businesses around the world during the month of May 2005.

The report, compiled from Sophos's global network of monitoring stations, reveals that the new Sober-N worm has toppled Zafi-D, which dominated the top of the virus chart for the previous five months. The bilingual Sober-N virus, which poses as tickets for the 2006 World Cup in Germany, was detected at the beginning of the month and rapidly spread across 40 countries - accounting for 4.5% of all email at its peak.

The top ten viruses in May 2005 were as follows:

Position Last
month
Malware Percentage of reports
1NewW32/Sober-N
   43.8%
21W32/Zafi-D
   14.5%
32W32/Netsky-P
   13.1%
44W32/Netsky-D
   3.1%
53W32/Zafi-B
   2.0%
6NewW32/Mytob-AZ
   1.6%
7=7W32/Mytob-Z
   1.5%
7=5W32/Netsky-Z
   1.5%
7=NewW32/Mytob-E
   1.5%
10NewW32/Netsky-N
   1.4%
Others16.0%

"Sober-N stormed to the top of the chart in early May, making it one of the biggest outbreaks so far this year," said Carole Theriault , security consultant at Sophos. "This manipulative email worm spread quickly, using social engineering tricks, such as offering free World Cup tickets, to entice recipients into opening the infected attachment. The Sober-Q Trojan, released a few weeks later, searched for computers infected with Sober-N and attempted to secretly turn them into spamming machines. The spam subject lines included 'Dresden Bombing Is To Be Regretted Enormously', 'Armenian Genocide Plagues Ankara 90 Years On', 'Dresden 1945' and 'Turkish Tabloid Enrages Germany with Nazi Comparisons'."

"This month also sees another new entry - Mytob-AZ," continued Theriault. "This is another mass-mailing worm accompanied by a backdoor Trojan, allowing others to access the infected user's computer. Despite only accounting for 1.6% of viruses in May, it is a concern due to the severe damage it causes to businesses."

Sophos identified and protected against 1,515 new viruses in May. The total number of viruses Sophos now protects against is 104,784. Its research showsthat 2.62%, or one in 38 emails, circulating during the month of May were viral - a small increase on the previous month.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.

The top ten hoaxes reported to Sophos during May 2005 were as follows:

Position Hoax Percentage of reports
1Hotmail hoax
   17.2%
2Meninas da Playboy
   11.3%
3Bonsai kitten
   9.4%
4Jamie Bulger
   5.9%
5WTC Survivor
   5.9%
6A virtual card for you
   5.2%
7Bill Gates fortune
   3.5%
8Budweiser frogs screensaver
   3.4%
9Mobile phone hoax
   2.7%
10Applebees Gift Certificate
   2.6%
Others32.9%

"There has been little movement to the hoaxes chart this month, with the usual suspects standing their ground and proving relentless," said Theriault. "As ever, the best advice for computer users receiving this sort of hoax email is to ignore and delete them. Effective anti-spam defence will also reduce the impact of hoaxes and chain letters."

Sophos has made available a free, constantly updated information feed for intranets and websites which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are available here.

More information about safe computing, including anti-hoax policies.