Nimda tops virus chart for 2001

Sophos Press Release

Sophos statistics show email-aware worms pose greatest threat to businesses worldwide

Sophos, a world leader in corporate anti-virus protection, has revealed that just two viruses, Nimda and Sircam, accounted for almost 50% of the reports received by Sophos's helpdesk during 2001. Code Red, the most hyped virus of the year, does not even appear in the top ten. Sophos has detected 11,160 new viruses, worms and Trojan horses to date this year, bringing the total protected against to almost 70,000. On average, the Sophos virus labs produce detection routines for over 30 viruses each day.

The top ten figures, as recorded by Sophos's helpdesk, are as follows:

Position Malware Percentage of reports

"Nimda's anonymous author only unleashed his creation in September, yet it still represented more than a quarter of reports to the Sophos helpdesk," said Graham Cluley, senior technology consultant at Sophos Anti-Virus. "Nimda was effective because it could infect computers using a variety of techniques. It is likely that we will see more multiple pronged attacks in the future."

Nimda was closely followed by Sircam. By changing the email subject line each time it replicated, the Sircam worm duped thousands of users into double-clicking on an infected e-mail attachment. Sircam was particularly damaging because of its ability to steal confidential documents from computers and distribute them to all email addresses in the user's address book.

Alongside newly reported viruses and worms, such as Nimda, Sircam, Anna Kournikova and Homepage, the chart also contains a worm that was first detected back in 1999. Kakworm, which topped last year's charts, is still the seventh most commonly encountered virus.

Other developments in 2001:

  • The fate of virus writers continued to cause controversy. Jan de Wit, found guilty of writing the Anna Kournikova worm was sentenced to just 150 hours of community service in the Netherlands when only 55 businesses admitted infection. Meanwhile in the US, David L Smith is still awaiting sentencing two years after pleading guilty to writing the Melissa virus and causing 80 million US dollars of damage.
  • March saw the emergence of Lindose, the first virus to infect both Windows and Linux operating systems. The Unix worm, Sadmind (first detected in May) also demonstrated that it is not only Microsoft systems that are vulnerable to viruses.
  • The detection of the first viruses (FunnyFile and Choke) to attack instant messaging platforms highlighted the need for increased user vigilance and for businesses to remember that it is not just email systems that spread viruses.
  • Despite the hype, no viruses appeared in 2001 which attacked Palms or mobile phones.
  • Code Red made headline news from July, prompting thousands of calls from concerned customers. Despite predictions from some members of the security community that the internet was set to collapse, Code Red did not even make the top ten viruses of the year.

Predictions for 2002:

  • Sophos predicts that 2002 will see even more virus activity, with more email-aware worms being written. Additionally Sophos believes that the increasing emergence of 'always-on' home connections with ADSL and cable modems will increase the likelihood of home users suffering from hacker attacks.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at