2 May 2007

April brings a deluge of web attacks, Sophos reports

Sophos announces top ten web and email-borne threats reported in April

Sophos, a world leader in IT security and control, has revealed the most prevalent malware threats causing problems for computer users around the world during April 2007.

The figures, compiled by Sophos's global network of monitoring stations, reveal that cybercriminals currently prefer to spread their malware via the web rather than by email. 245,790 webpages hosting malicious code were identified in April, an average of 8,193 infected webpages each day.

The top ten list of web-based malware threats in April 2007 reads as follows:

Position  Malware       Percentage
1         Mal/Iframe    44.7%
2         JS/EncIFra    19.7%
3         Troj/Fujif    10.0%
4         Troj/Psyme    8.7%
5         Troj/Decdec   5.3%
6         Troj/Ifradv   4.0%
7         Mal/Packer    1.0%
8         Mal/FunDF     0.7%
9         Mal/ObfJS     0.5%
10        Mal/Behav     0.4%
Others                  5.0%

Mal/Iframe dominated the web-based malware chart in April, accounting for nearly half of the world's web threats. Iframe-based malware operates like a growing number of web-based attacks, looking for vulnerabilities on legitimate hosted websites and injecting malicious code onto the site. Once the site is infected, unwary visitors without web security, a firewall or patches on their PCs can themselves be infected.

"The Iframe-based attacks are a perfect example of a prolific web threat that targets vulnerable sites - it doesn't care whether the site is hosting pornography or gardening tips," said Carole Theriault, senior security consultant at Sophos. "This problem is not just a niggle: Sophos research shows that a whopping 70% of web-based malware is being hosted on innocent but exploited websites. With people being lured to these innocent but compromised webpages via cleverly worded email invitations, web security has to go beyond blocking websites based upon category alone. A secure web defense will also scan pages for malicious content, regardless of whether they are on a site you would normally consider 'safe'."

The top ten list of countries hosting malware-infected websites in April 2007 reads as follows:

Position  Country                  Percentage
1         China (inc. Hong Kong)   56.4%
2         United States            28.3%
3         Russia                   5.4%
4         Germany                  3.4%
5         France                   1.2%
6         Canada                   0.7%
7         South Korea              0.6%
8         Ukraine                  0.5%
9=        Netherlands              0.4%
9=        United Kingdom           0.4%
Others                             2.7%

In April, China and Hong Kong were responsible for hosting more than half of the infected websites identified by Sophos, a significant increase when compared to March, when they were hosting 36%. China's rise in the chart is primarily due to the country hosting a large proportion of unpatched sites infected with this Iframe malware. However, 90% of all detected Hong Kong-based hacked websites were infected with Psyme.

"The UK has fallen from fifth in March to tenth position this month," continued Theriault. "This is more a sign of hackers finding a mountain of unpatched websites in China and the States rather than the UK being successful at cleaning up its sites. It would be great to see the UK fall completely from this list. If you are running a website, make sure your web server and software are patched against vulnerabilities."

The top ten list of email-based malware threats in April 2007 reads as follows:

Position  Last month  Malware       Percentage of reports
1         1           W32/Netsky    24.7%
2         Re-entry    W32/Dref      24.0%
3         2           W32/Mytob     15.6%
4         7           W32/Stratio   12.3%
5         6           W32/Zafi      5.2%
6         3           W32/Sality    3.7%
7         4           W32/MyDoom    3.6%
8         5           W32/Bagle     3.0%
9         8           W32/Nyxem     1.6%
10        New         Troj/Small    0.9%
Others                              5.4%

Sophos has also revealed that while Netsky has held onto the number one spot for email-borne threats, Dref has shot back into the chart at number two, accounting for 24% of all malware spread via email.

A graphic of the top ten email-based malware chart is available.

The top ten hoaxes and chain letters in April were as follows:

Position  Hoax                          Percentage of reports
1         Hotmail hoax                  17.3%
2         Olympic torch                 9.6%
3         MSN is closing down           4.3%
4         A virtual card for you        3.5%
5         Bonsai kitten                 2.9%
6         Meninas da Playboy            2.6%
7         Budweiser frogs screensaver   2.6%
8         Justice for Jamie             2.5%
9         Bill Gates fortune            1.8%
10        Music Top 50                  1.6%
Others                                  51.3%

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
