IT security and control firm Sophos has revealed the most
prevalent malware threats and countries causing problems for
computer users around the world during October 2007.
The study, compiled by Sophos's global network of monitoring
stations, has shown that a new Trojan horse, PDFex, that is
typically spammed out in email messages with an infected Adobe
Acrobat PDF attachment, has smashed its way into third position in
the chart. The Trojan was widely spammed out in an attack during
the last few days of October, taking advantage of an unpatched
Windows vulnerability to infect innocent PCs.
"PDFex only started to circulate at the very end of the month,
but still managed to account for over 13 percent of all emailed
malware during October. It was heavily spammed out between 26-28th
October, and during that period, it accounted for a staggering two
thirds, or 66 percent, of all malware spread via email," said
Carole Theriault,
senior security consultant at Sophos. "PDFs have long been used in
business as a means of sharing information, so the social
engineering trickery of using a PDF puts insufficiently protected
businesses at risk. Adobe have issued an update to their Acrobat
software that fixes the problem, and eyes are now turned to
Microsoft to patch the underlying flaw in Windows which could also
affect other vulnerable applications such as Skype and
Firefox."
Top ten email threats
The top ten list of email-based malware threats in October 2007
reads as follows:
Although criminals are currently using PDF files to try and
infect innocent PCs with malware, SophosLabs has seen little
evidence of more spammers continuing to use PDF files to get their
unwanted marketing messages in front of computer users.
Sophos's research also indicates a slight decrease in the
percentage of infected email. Overall in October, 0.1 percent of
emails were carrying malicious email attachments, or one in every
1,000, compared to 1 in every 833 during September.
Top ten web threats
Web attacks continue to pose a significant threat, with
Mal/Iframe being responsible for almost seven out of every ten
infections found on the web by Sophos. During October, Sophos
detected an average of 5,200 new compromised webpages hosting
malicious code each day, a similar figure to last month.
The top ten list of web-based malware threats in October 2007
reads as follows:
Troj/Unif is a new entry at number two this month, accounting
for 15 percent of all infected webpages. It was used by hackers in
a number of coordinated attacks during October, where legitimate
webpages were compromised and visitors were subsequently redirected
to a series of attack sites, hosted in countries all over the
world, from Turkey to Malaysia.
Top malware-hosting countries
The top ten list of countries hosting malware-infected webpages
in October 2007 reads as follows:
| Position |
Last
month |
Country |
Percentage of reports |
| 1 |
1 |
China (inc. HK) |
|
| 2 |
3 |
Russia |
|
| 3 |
2 |
United States |
|
| 4 |
4 |
Ukraine |
|
| 5 |
6= |
Netherlands |
|
| 6 |
7= |
Canada |
|
| 7 |
New |
Argentina |
|
| 8 |
Re-entry |
South Korea |
|
| 9 |
5 |
Germany |
|
| 10 |
New |
Singapore |
|
| Others |
6.3% |
China continues to hold the top position and was responsible for
hosting more than half of all the infected webpages detected by
Sophos during October. Significantly, Russia and the US have
swapped places this month. Russia was responsible for hosting a
fifth of infected webpages in October, more than five percent more
than September, while the US continues to decrease its impact. The
US now hosts less than 15 percent of malicious pages served up on
the internet, whereas six months ago, it accounted for double
that.
The Ukraine and Netherlands, this month holding the fourth and
fifth positions, hosted a surprising amount of infected webpages in
October considering their populations and number of PCs. Despite
the fact that these two countries were responsible for hosting less
than three percent of infected webpages between them, the sheer
volume of pages being infected worldwide on a daily basis means
that even a tiny percentage equates to a significant amount of
malware.
"In October, we saw a large Dutch domain attacked by Mal/ObfJS.
With the infection spreading to all the pages the domain served up,
it significantly impacted the Netherlands' position in the chart.
As the domain has now cleaned up the infection, we hope that the
country will be able to slip out of Sophos's next top ten list.
This should be a wake-up call to other web providers to ensure they
have the right protection and up-to-date patches in place to stop a
potential infection in its tracks," concluded Theriault.
Top ten hoaxes and scams
The top ten list of email hoaxes and scams in October 2007 reads
as follows:
Sophos experts have compiled simple best practice guides to
adopting a multi-layered defense. With blended threats, spam and
phishing attacks on the rise it has never been more important to
educate end users about how best to protect themselves.
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend
against the threats of spam, hackers, spyware and viruses.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.