Top ten viruses and hoaxes reported to Sophos in July 2005

August 01, 2005 Sophos Press Release

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of July 2005.

The report, compiled from Sophos's global network of monitoring stations, reveals that Netsky-P, the worm written by the recently convicted German teenager Sven Jaschan, tops the charts this month. However, it is the variants of the Mytob worm that are dominating the polls - accounting for seven of the top ten positions and over 37% of all viruses reported to Sophos in July.

The top ten viruses in July were as follows:

Position  Last month  Malware         Percentage of reports
1         2           W32/Netsky-P    13.9%
2         3           W32/Mytob-AS    11.6%
3         1           W32/Mytob-BE    9.3%
4         4           W32/Mytob-EP    5.5%
5         8           W32/Zafi-D      3.5%
6         New         W32/Mytob-CX    3.2%
7         9           W32/Netsky-D    3.1%
8         10          W32/Mytob-CJ    2.6%
9         6           W32/Mytob-CN    2.6%
10        7           W32/Mytob-AT    2.3%
Others                                42.4%

"The sheer volume and range of the Mytob worms sees them hog most positions in the virus chart. It's not the viciousness of the worm that is the problem, but the constant onslaught of slightly differing variants," said Carole Theriault, security consultant, Sophos. "This month's only new entry into the chart is another family member - Mytob-CX, and despite accounting for only 3.2% of viruses in July, it shows that the Mytob threat continues to plague computer users."

SophosLabs, Sophos's global network of virus, spyware and spam analysis centres, has analysed and provided protection against hundreds of different Mytob variants, but new versions continue to be released by virus writers and hackers.

"The Mytob army of malware is one of the biggest we have ever seen," continued Theriault. "The criminals behind these attacks are constantly releasing new viral code to do their dirty work for them."

Most of the variants infect networks via email and many are able to take advantage of known software vulnerabilities, for which security patches are available. Many versions are also equipped with malicious code that enables them to communicate with the outside world - though Sophos points out that these can be contained by a firewall. Some new variants of the worm have even adopted a trick commonly used by phishers, where an email message directs recipients to a website. When they visit the site, they involuntarily download the Mytob worm.

"The good news is that although the Mytob army is tricky, it is controllable," continued Theriault. "Businesses can tackle these worms so long as they keep multi-layered anti-virus protection, firewalls and security policies fully updated, which will prevent them from turning off the network's anti-virus protection."

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software and firewalls, and install the latest security patches.

Sophos identified and protected against 1,380 new viruses in July. The total number of viruses Sophos now protects against is 107,598. Its research shows that 2.1%, or one in 47 emails, circulating during the month of July were viral - a slight decrease on the previous month, when one in 43 emails were infected.

The top ten hoaxes reported to Sophos during July 2005 were as follows:

Position  Hoax                         Percentage of reports
1         Hotmail hoax                 30.9%
2         Meninas da Playboy           8.1%
3         Bonsai kitten                7.3%
4         WTC Survivor                 5.1%
5         Jamie Bulger                 5.0%
6         Budweiser frogs screensaver  4.1%
7         ICE virus hoax               3.7%
8         A virtual card for you       3.0%
9         Applebees Gift Certificate   2.7%
10        Bill Gates fortune           2.2%
Others                                 27.9%

"The ICE virus hoax has jumped on the coat-tails of a legitimate email campaign designed to encourage users to enter an 'In Case of Emergency' number into their mobile phones in the wake of the bombings in London. The hoax, however, tries to fool people into believing that following the advice opens them up to a possible mobile virus infection, which is complete poppycock," said Theriault. "Apart from that, the hoax chart sees little movement this month - with several of the same old faces cropping up. The Hotmail hoax holds the number one spot for the 13th month and has increased its domination by over ten percent."

"The Hotmail hoax continues to be the most prevalent, increasing this month to more than 20% of all reported hoaxes," continued Theriault. "The best advice for hoaxes hasn't changed: avoid forwarding or responding to unsolicited emails. Instead, simply delete them to save your business's bandwidth from being gobbled up by this drivel."

Sophos has made available a free, constantly updated information feed for intranets and websites which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are available here.
