Top ten malware threats and hoaxes reported to Sophos in April 2006

May 02, 2006 Sophos Press Release

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten malware threats and hoaxes causing problems for businesses around the world during the month of April 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that Netsky-P, which recently celebrated its second birthday, has returned to the top of the virus chart, replacing Zafi-B, which Sophos first protected against 22 months ago. However, as a proportion of all malware, email viruses and worms continue to decline - 86% of the threats discovered by Sophos during April were Trojan horses, used by hackers to download malicious code, spy on users, steal information or gain unauthorised access to computers.

The top ten viruses in April 2006 were as follows:

Position  Last month  Malware          Percentage of reports
1         2           W32/Netsky-P     18.5%
2         1           W32/Zafi-B       16.9%
3         3           W32/Nyxem-D      8.5%
4         4           W32/MyDoom-AJ    3.9%
4         8           W32/Netsky-D     3.9%
6         8           W32/Mytob-FO     3.6%
7         Re-entry    W32/Mytob-C      2.8%
8         10          W32/Mytob-Z      2.6%
9         New         W32/Dolebot-A    2.2%
10        Re-entry    W32/Mytob-AS     1.3%
Others                                 35.8%

"While email worms occupy the top spots, it's clear that Trojan horses represent by far the most prominent threat to IT security," said Carole Theriault, senior security consultant at Sophos. "Trojans are constantly being fine-tuned by hackers to catch out specific targets. As they are likely to be more difficult to identify, there's a danger that more individuals will make the mistake of clicking on an unsolicited attachment or a dubious weblink."

In addition, Sophos found that at least 28% of threats reported during April allow an unauthorized third party to access the computer remotely - further evidence that hackers are now primarily motivated by financial or data theft rather than simply by a desire to cause disruption.

The fact that fewer mass-mailing worms are being created while cybercriminals are focusing their efforts on smaller, targeted attacks has meant that long-established threats continue to dominate the top ten. This proves that many computer users are still failing to update their protection and remove the risk of infection from these old nasties.

"It's astonishing that Netsky-P is still going strong 25 months on, and users with insufficient malware protection must take the brunt of the blame for giving it this continued lease of life," continued Theriault. "While greater education is helping bring some users up-to-speed on IT security threats, Netsky and Zafi continue to linger, and many may wonder if Microsoft will strike the killer blow to these worms when it releases its Windows Vista operating system in 2007."

Security has long been publicised as the major addition in the next instalment of Microsoft's widely-used Windows operating system. However, details are still emerging as to how all-encompassing the new Vista security features will be, or the potential impact on malware designed for older versions of Windows.

"It's important to remember that as older threats are vanquished, others will undoubtedly take their place," explained Theriault. "Mass-mailing worms may be in decline, but it's highly unlikely that they will disappear entirely - the introduction of a major new operating system may even spark a new wave of threats, as virus writers try to find holes in the product."

Elsewhere in the virus chart, there are re-entries for two Mytob variants, Mytob-C and Mytob-AS, while another email worm, Dolebot-A, enters the chart for the first time in ninth position, accounting for 2.2% of all viruses reported. Sophos's research shows that 0.7% or one in 141 emails is viral. The company now identifies and protects against a total of 121,096 threats, an increase of 1054 on last month.

The top ten hoaxes and chain letters in April 2006 were as follows:

Position  Hoax                           Percentage of reports
1         Hotmail hoax                   13.5%
2         Music Top 50                   11.2%
3         Olympic torch                  9.0%
4         Meninas da Playboy             6.3%
5         Bonsai kitten                  5.2%
6         MSN is closing down            4.9%
7         Justice for Jamie              4.4%
8         Budweiser frogs screensaver    3.2%
9         Bill Gates fortune             3.0%
10        Paying for MSN                 2.0%
Others                                   37.3%

"It's a return to the top of the charts for the Hotmail hoax this month, while the Dutch language Music Top 50 chain letter has grown in prevalence, clogging bandwidth and wasting computer users' time," said Theriault. "The chain letter purports to be from a new television programme, and falsely promises a free Discman for recipients that forward on the email to others. Given that we're now firmly in the age of the iPod, it's surprising that such outdated hoaxes continue to fool people - our advice is if an offer sounds too good to be true, it probably isn't the real deal."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005.