In this section

• Home
• Press office
• News archive
• Articles
• 2007
• 07

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• SophosLabs blog
• Graham Cluley's blog
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Info feeds

• Security news
• Company news

• Security news
• Company news

What are info feeds?

2 July 2007

Attacks via web and email strip businesses of cash Sophos announces top ten web and email-borne threats for June 2007

Sophos, a world leader in IT security and control, has revealed the most prevalent malware threats causing problems for computer users around the world during June 2007.

The figures, compiled by Sophos's global network of monitoring stations, show a further sharp rise in web-based threats. Sophos uncovered an average of 29,700 new infected web pages every day - around 80 percent of which were located on hacked legitimate sites.

The top ten list of web-based malware threats in June 2007 reads as follows:

Top ten web threats

Position	Malware	Percentage
1	Mal/Iframe	64.0%
2	Mal/ObfJS	10.1%
3	Troj/Fujif	3.1%
4	Troj/Decdec	2.7%
5	VBS/Redlof	2.5%
6	Troj/Psyme	3.8%
7	Mal/Packer	1.1%
8=	Troj/Ifradv	1.0%
8=	VBS/Haptime	1.0%
10	Mal/Zlob	0.9%
Others		9.7%

Mal/Iframe, which works by injecting malicious code into web pages, has again topped the chart, accounting for nearly two thirds of the world's infected URLs. Earlier this month, a Mal/Iframe attack on multiple Italian websites occurred, making headlines around the world. More than 10,000 web pages were infected, most of which were on legitimate but compromised websites hosted in Italy. Victim websites included Italian city councils, employment services and tourism sites. Most of the affected pages appear to be hosted by one of the largest ISPs in Italy.

"The Italian Mal/Iframe attack should certainly act as a wake-up call to ISPs across the globe," said Carole Theriault, senior security consultant at Sophos. "Malicious code dumped on these websites is just waiting to pounce on innocent surfers. Websites should be as secure as Fort Knox, but at the moment, too many web pages are easy pickings for cybercriminals."

The top ten list of countries hosting malware-infected web pages in June 2007, reads as follows:

Top malware-hosting countries

Position	Country	Percentage
1	China (inc.Hong Kong)	59.3%
2	United States	23.9%
3	Russia	3.6%
4	Germany	1.7%
5	Ukraine	1.4%
6	Italy	1.0%
7=	Taiwan	0.8%
7=	Brazil	0.8%
7=	United Kingdom	0.8%
10	Canada	0.6%
Others		6.2%

While China retains its position at the top of the chart this month, Italy is a new entry and this is largely due to the Iframe attack. ObfJS, which was the second most prevalent web-based threat this month, also contributed to Italy's status in the top ten, following a potent attack on a popular, legitimate web page early in June.

"The fact that China is responsible for such a hefty proportion of the world's infected web pages, should not make other countries rest on their laurels, " continued Theriault. "Italy's rise into the top ten highlights the need for countries around the world to educate ISPs and website administrators to ensure they are properly secured against web threats."

The top ten list of email-based malware threats in June 2007 reads as follows:

Top ten email threats

Position	Last month	Malware	Percentage of reports
1	2	W32/Netsky	31.4%
2	3	W32/Mytob	20.9%
3	New	Mal/Iframe	10.9%
4	5	W32/MyDoom	6.4%
5	8	W32/Sality	5.4%
6=	6	W32/Zafi	5.0%
6=	8	W32/Bagle	5.0%
8=	Re-entry	Mal/DownLdr	2.6%
8=	Re-entry	W32/Stratio	2.6%
10	10	W32/Nyxem	2.0%
Others			7.8%

Interestingly, Mal/Iframe's appearance in the email-based chart demonstrates that it is not limited to only infecting via the web. Hackers can embed the malware into emails using HTML to exploit users.

A graphic of the top ten email-based malware chart is available.

Top ten hoaxes and chain letters

Position	Hoax	Percentage of reports
1	Hotmail hoax	32.7%
2	Olympic torch	8.6%
3	A virtual card for you	3.2%
4	Meninas da Playboy	2.6%
5	Bonsai kitten	2.4%
6	MSN is closing down	1.9%
7	Bill Gates fortune	1.9%
8	M&S vouchers	1.8%
9	Justice for Jamie	1.7%
10	Music Top 50	1.6%
Others		41.6%

Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

See also:

• Listen to Sophos podcasts
• Find out about the latest threats on the SophosLabs blog
• Sign up for free notification of new viruses found in the wild