Sophos, a world leader in IT security and control, has revealed
the most prevalent malware threats causing problems for computer
users around the world during June 2007.
The figures, compiled by Sophos's global network of monitoring
stations, show a further sharp rise in web-based threats. Sophos
uncovered an average of 29,700 new infected web pages every day -
around 80 percent of which were located on hacked legitimate
sites.
The top ten list of web-based malware threats in June 2007 reads
as follows:
Top ten web threats
Mal/Iframe, which works by injecting malicious code into web
pages, has again topped the chart, accounting for nearly two thirds
of the world's infected URLs. Earlier this month, a Mal/Iframe
attack on multiple Italian websites occurred, making headlines
around the world. More than 10,000 web pages were infected, most of
which were on legitimate but compromised websites hosted in Italy.
Victim websites included Italian city councils, employment services
and tourism sites. Most of the affected pages appear to be hosted
by one of the largest ISPs in Italy.
"The Italian Mal/Iframe attack should certainly act as a wake-up
call to ISPs across the globe," said Carole Theriault, senior
security consultant at Sophos. "Malicious code dumped on these
websites is just waiting to pounce on innocent surfers. Websites
should be as secure as Fort Knox, but at the moment, too many web
pages are easy pickings for cybercriminals."
The top ten list of countries hosting malware-infected web pages
in June 2007, reads as follows:
Top malware-hosting countries
| Position |
Country |
Percentage |
| 1 |
China (inc.Hong Kong) |
|
| 2 |
United States |
|
| 3 |
Russia |
|
| 4 |
Germany |
|
| 5 |
Ukraine |
|
| 6 |
Italy |
|
| 7= |
Taiwan |
|
| 7= |
Brazil |
|
| 7= |
United Kingdom |
|
| 10 |
Canada |
|
| Others |
6.2% |
While China retains its position at the top of the chart this
month, Italy is a new entry and this is largely due to the Iframe
attack. ObfJS, which was the second most prevalent web-based threat
this month, also contributed to Italy's status in the top ten,
following a potent attack on a popular, legitimate web page early
in June.
"The fact that China is responsible for such a hefty proportion
of the world's infected web pages, should not make other countries
rest on their laurels, " continued Theriault. "Italy's rise into
the top ten highlights the need for countries around the world to
educate ISPs and website administrators to ensure they are properly
secured against web threats."
The top ten list of email-based malware threats in June 2007
reads as follows:
Top ten email threats
Interestingly, Mal/Iframe's appearance in the email-based chart
demonstrates that it is not limited to only infecting via the web.
Hackers can embed the malware into emails using HTML to exploit
users.
A graphic of the top ten email-based malware chart is available.
Top ten hoaxes and chain letters
Sophos experts have compiled simple best practice guides to
adopting a multi-layered defense. With blended threats, spam and
phishing attacks on the rise it has never been more important to
educate end users about how best to protect themselves.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.