Top ten viruses and hoaxes reported to Sophos in December 2005

January 05, 2006 Sophos Press Release

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of December 2005.

The report, compiled from Sophos's global network of monitoring stations, reveals that Sober-Z has taken the world by storm this month, accounting for a massive 78.92% of all malware reported to Sophos. Its domination of the charts is making other current threats pale in comparison, and the Sober threat shows no sign of slowing down.

The top ten viruses in December were as follows:

Position  Last month  Malware        Percentage of reports
1         1           W32/Sober-Z    78.9%
2         7           W32/Zafi-B     3.3%
3         2           W32/Netsky-P   2.3%
4         4           W32/Mytob-EX   1.4%
5         New         W32/Mytob-FO   1.2%
6         6           W32/Mytob-BE   0.7%
7         5           W32/Zafi-D     0.6%
7         3           W32/Mytob-GH   0.6%
9         10          W32/Mytob-C    0.5%
9         New         W32/Mytob-FM   0.5%
Others                               9.5%

The highly prolific Sober-Z worm sends itself as an email attachment and attempts to turn off security software on the user's computer. The author of this worm has been operating anonymously for more than two years, and this latest threat is the cyber criminal's most widespread virus yet.

"A key differentiator of the Sober worms is their ability to dupe users. From promising World Cup football tickets, to posing as the FBI or long-lost pal, it seems the Sober family will stop at nothing to ensure that recipients launch the viral email attachment," said Carole Theriault, senior security consultant at Sophos. "The Sober-Z worm stormed to the top of the November 2005 chart and continued to hold the number one spot throughout December. Should the author go ahead and upload malware onto websites for infected machines to grab and run, as anticipated, the worm may disrupt businesses even further."

Ironically, Sober-Z, which can disguise itself as a message from investigators at the FBI, CIA or Germany's Federal Crime Office (BKA), led to the arrest of a child porn offender this month. The 20-year-old German man believed the contents of the infected email, which informed him that he was being investigated by the BKA for visiting illegal websites, and subsequently turned himself in to the police.

"Rarely does a virus actually benefit society, but few people would discourage the German police from investigating this guy," continued Theriault. "However, it is an inadvertent victory for justice - the Sober virus writer has been causing havoc for computer users around the world for several years. The good news is that this persistent worm is easy to combat if home users and businesses have effective up-to-date anti-virus and anti-spam protection in place, and if they follow safe computing practices."

The rest of the chart has remained fairly static during December. Zafi-B is the only climber, creeping up from seventh to second position. However, Sober-Z's dominance has ensured that this worm still only accounts for 3.3% of malware reported to Sophos in the last month of 2005. Elsewhere in the chart, Netsky-P is still hanging on, but has dropped to third position, and several Mytob variants continue to plague businesses and users, including two new entries, Mytob-FO and Mytob-FM.

Sophos's research shows a significant rise in the number of infected emails. In December, 6.1%, or one in 16 emails, was viral. Sophos now identifies and protects against a total of 115,748 viruses, an increase of 1,666 on last month.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software and firewalls, and install the latest security patches.

The top ten hoaxes reported to Sophos during December 2005 were as follows:

Position  Hoax                          Percentage of reports
1         Hotmail hoax                  20.4%
2         A virtual card for you        10.1%
3=        Meninas da Playboy            8.4%
3=        Bonsai kitten                 8.4%
5         Elf Bowling                   6.1%
6         Budweiser frogs screensaver   4.1%
7         Applebees Gift Certificate    3.1%
8         Bill Gates fortune            2.9%
9         Jamie Bulger                  2.4%
10        Mobile phone hoax             2.2%
Others                                  31.9%

"There are two re-entries fooling users this month," said Theriault. "The Elf Bowling hoax, which has made a festive re-appearance, warns users that the game is infected with a virus and should be deleted immediately upon receipt. This hoax is essentially harmless, but serves as a reminder to companies that they should explain to employees the danger of distributing executable files. The game, while not a malicious threat, can divert employees from doing real work."

Sophos has made available a free, constantly updated information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.