Top ten viruses and hoaxes reported to Sophos in January 2006

January 31, 2006 Sophos Press Release

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of January 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that a staggering 2,312 new pieces of malware have been recorded this month - an increase of more than a third on December's figures. Following its rampant domination of the chart in December 2005, Sober-Z, while still the worst offender this month, stopped spreading after 6 January, signalling the end of its monopoly. The fall of Sober-Z early in the month has led to a shake-up in the rest of the chart, including the entry of the new Kama Sutra worm (Nyxem-D) and the re-entry of two previously prolific worms.

The top ten viruses in January were as follows:

Position Last
month
Malware Percentage of reports
11W32/Sober-Z
   44.9%
23W32/Netsky-P
   8.7%
32W32/Zafi-B
   4.3%
4NewW32/Nyxem-D
   3.6%
56W32/Mytob-BE
   3.1%
65W32/Mytob-FO
   2.7%
7Re-entryW32/Netsky-D
   1.7%
84W32/Mytob-EX
   1.6%
99W32/Mytob-C
   1.5%
10Re-entryW32/Mytob-AS
   1.3%
Others 26.6%

The Sober-Z worm, which sent itself as an email attachment and attempted to turn off security software on the user's computer, is no longer a concern to users, but the fact that it stopped spreading in the first week of January and still accounts for almost 45% of malware reported to Sophos this month demonstrates the potency of the attack.

Nyxem-D, the Kama Sutra worm, which was first seen on 18 January, propelled itself into the charts this month at number four. The email worm uses a variety of pornographic disguises in an attempt to spread and disable security software. Nyxem-D is also programmed to overwrite files on Friday 3 February.

"In many ways the Kama Sutra worm is a throwback to the days when sexy subject lines and attachment names were often used to tempt users to open the infected file," said Carole Theriault, senior security consultant at Sophos. "The bad news for those who have been infected by the worm is that they run the risk of having their data wiped by its destructive payload on 3 February. This obvious sign of infection is a far cry from the stealth tactics employed by modern cyber criminals, bent on financial gain."

Theriault continued, "The rise of the Kama Sutra worm also shows the importance of educating employees on safe computing practices - whether it's opening joke files, pornography or screensavers, there is always a risk of infection."

Elsewhere in the chart, Netsky-P is hanging on to its top five place, creeping back up to number two this month.

"Some of these worms have been around for years, and should act as a wake up call for businesses and users who don't have adequate protection - these worms are simple to control as long as a consolidated solution is in place, and their spread would have been halted if anti-virus updates were applied," continued Theriault.

Sophos's research shows that 1.4% or one in 70 emails is viral. The company now identifies and protects against a total of 118,060 viruses, an increase of 2,312 on last month. A hefty proportion of the new malware written at the moment is Trojan horses, which are ideal for financially motivated hackers who want to target specific victims, whilst keeping their code firmly beneath the radar.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.

The top ten hoaxes reported to Sophos during January 2006 were as follows:

Position Hoax Percentage of reports
1Hotmail hoax
   15.2%
2A virtual card for you
   11.8%
3Bonsai kitten
   11.7%
4Meninas da Playboy
   6.5%
5Budweiser frogs screensaver
   4.4%
6Applebees Gift Certificate
   2.7%
7Bill Gates fortune
   2.6%
8Mobile phone hoax
   2.3%
9WTC Survivor
   2.2%
10MSN is closing down
   2.0%
Others38.6%

"A new chain letter has entered the charts claiming that the MSN will be closed down unless the bogus email is forwarded to family, friends and colleagues," said Theriault. "As always, these chain letters are best deleted as they waste bandwidth."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005:

Download "Sophos Security Threat Management Report 2005"