IFrame worm finishes year top of the virus chart, reveals Sophos report

January 04, 2008 Sophos Press Release

IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during December 2007.

While the study, compiled by Sophos's global network of monitoring stations, has shown only minor changes since November, a Sophos poll has revealed that 70 percent of those surveyed believe that 2008 will actually be just as bad or worse for IT security than 2007.

Top ten web threats

The top ten list of web-based malware threats in December 2007 reads as follows:

Position Last
month
Malware Percentage of reports
1 1 Mal/IFrame
50.8%
2 2 Mal/ObfJS
19.2%
3 New Troj/DRClick
14.6%
4 3 Troj/Unif
3.0%
5 4 Troj/Decdec
2.4%
6 5 Troj/Fujif
1.6%
7 Re-entry Troj/Pintadd
0.9%
8 Re-entry Troj/Zlobar
0.8%
9 10 Mal/FunDF
0.6%
10 Re-entry VBS/Haptime
0.5%
Others 5.6%

Mal/Iframe, which works by injecting malicious code into webpages, retains its position as leader of the chart, despite not having the same impact as the previous month when it accounted for almost 70 percent of web-based attacks. Mal/ObfJS, a method by which hackers use obfuscated JavaScript to infect web surfers, has successfully held onto second place.

"Although December saw Mal/Iframe's dominance at the top of the chart begin to wane, computer users must not get complacent - it still accounted for more than half of all web-based attacks seen last month," said Graham Cluley, senior technology consultant at Sophos. "Yet, despite the pessimistic figures and the fact that less than a third of people believe there will be any improvement in the situation in 2008, it is possible to combat the cybercriminals with an effective IT security solution. Hopefully the public's negative viewpoint will spur both businesses and consumers on to recognise the seriousness of these threats and make sure their networks and data are fully protected from existing malware, as well as emerging attacks."

Top malware-hosting countries

The top ten list of countries hosting malware-infected webpages in December 2007 reads as follows:

Position Last
month
Country Percentage of reports
1 1 China (incl HK)
40.9%
2 2 United States
33.9%
3 3 Russian Federation
6.8%
4 5 Germany
3.8%
5 4 Ukraine
2.2%
6 6 Turkey
1.4%
7 8= United Kingdom
1.2%
8 8= Poland
0.8%
9 Re-entry Netherlands
0.7%
10 Re-entry Italy
0.6%
Others 7.7%

China, a country notoriously plagued by Mal/Iframe in previous months, continues to host the most infected webpages. However China is not the only culprit as the United States and Russia have risen in the charts, with America storming from 19 percent in November to serving up over a third of the world's malicious webpages in December.

This month also saw Canada and France drop out of the top ten, to be replaced by the Netherlands and Italy.

Top ten email threats

The top ten list of email-based malware threats in December 2007 reads as follows:

Position Last
month
Malware Percentage of reports
1 1 Troj/Pushdo
35.8%
2 3 W32/Netsky
28.1%
3 6 W32/Mytob
6.9%
4 9 W32/Strati
5.3%
5 4 Mal/Dropper
5.2%
6 5 W32/Zafi
4.9%
7 8 W32/MyDoom
3.5%
8 Re-entry Troj/Dloadr
2.6%
9 10 W32/Bagle
1.7%
10 Re-entry W32/Sality
0.8%
Others 5.2%

Overall, 0.09 percent of emails, or one in 1111, had malicious attachments in December 2007, with Pushdo retaining its position as the most prevalent email-based malware detected in December.

Top ten hoaxes and scams

The top ten list of email hoaxes and scams in December 2007 reads as follows:

Position Hoax Percentage of reports
1 Hotmail hoax
6.7%
2 Olympic torch
6.2%
3 A virtual card for you
5.1%
4 Elf Bowling
3.5%
5 Justice for Jamie
2.7%
6 MSN is closing down
2.4%
7 Budweiser frogs screensaver
2.1%
8 Applebees Gift Certificate
2.1%
9 Merry Christmas
1.9%
10 Bonsai kitten
1.9%
Others 65.4%

Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

Survey results

Do you think 2008 will be a better year for internet security than 2007?

Yes, things will be better
30%
No, 2008 will be a worse year for security
42%
About the same
28%

* Sophos poll hosted on the Sophos website, 621 respondents, December 2007

Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.