Dorf malware storms the top ten chart

January 31, 2007 Sophos Press Release

Sophos, a world leader in IT security, has revealed the most prevalent malware threats and email hoaxes causing problems for computer users around the world during January 2007.

The figures, compiled from Sophos's global network of monitoring stations, show that the recently discovered Dorf malware has had a massive impact on computer users worldwide, rampaging to the top of the monthly malware threat chart and accounting for almost 50 percent of all malware seen during January.

The Dorf malware was aggressively spammed out posing as breaking news of deaths caused by stormy European weather during January. Later in the month the authors changed tack and launched a further campaign disguising the malware as a romantic email greeting card. Elsewhere in the top ten, the Netsky, Mytob and Stratio malware remain rooted in second, third and fourth place respectively, between them accounting for one third of all malware reports.

The top ten list of malware threats in January 2007 reads as follows:

Position Last
month
Malware Percentage of reports
1 New Dorf
46.1%
2 2 Netsky
16.1%
3 3 Mytob
9.8%
4 4 Stratio
8.5%
5 5 Zafi
3.6%
6 7 MyDoom
2.8%
7 8 Sality
2.6%
8 5 Bagle
2.5%
9 9 Nyxem
1.0%
10 New Wukill
0.8%
Others 6.2%

"Spammed out with hard-hitting headlines and the promise of exclusive news content, the Dorf malware, or 'Storm Trojan', moved at gale force speeds and battered inboxes worldwide in an attempt to compromise users' PCs," said Carole Theriault, senior security consultant at Sophos. "Though not a particularly sophisticated form of attack, preying upon public interest by using breaking news events is a tried and trusted trick. It has proven to be a remarkably effective method of fooling recipients into lowering their guard."

Sophos has so far seen more than 2500 variants of the Dorf malware - almost a third of the new threats identified during January 2007. The majority of these variants were intercepted by Sophos's proactive Behavioral Genotype® Protection technology even before they were formally identified as belonging to the Dorf family of malware.

The proportion of infected email, while substantially higher than in December 2006, is still small at just one in 238 (0.42%), while during January Sophos identified 7,272 new threats, bringing the total number of malware protected against to 214,956.

The top ten hoaxes and chain letters in January 2007 were as follows:

Position Hoax Percentage of reports
1 Hotmail hoax
28.8%
2 Olympic torch
16.9%
3 Justice for Jamie
3.1%
4 Budweiser frogs screensaver
2.9%
5 A virtual card for you
2.9%
6 Bonsai kitten
2.5%
7 Applebees Gift Certificate
1.7%
8 Meninas da Playboy
1.7%
9 Bill Gates fortune
1.4%
10 MSN is closing down
1.3%
Others 36.8%

Graphics of the above top ten malware chart are available.

The Sophos Security Threat Report 2007, which discusses 2006's most prevalent families of malware and malware hosting countries in more detail, can be downloaded from the Sophos website: