Sophos charts virus activity for first six months of 2005
Sophos, a world leader in protecting businesses against viruses
and spam, has revealed results of its comprehensive research into
the last six months of virus activity. In 2005 so far, Sophos has
detected and protected against 7,944 new viruses - up 59% from the
first six months of last year.
In line with this substantial increase in virus writing is the
rapidly decreasing average time to infection. There is now a 50%
chance of being infected by an internet worm within just 12 minutes of
being online using an unprotected, unpatched Windows PC.
For the first six months of 2005, the top ten viruses, as
recorded by SophosLabs, are as follows, with the most frequently
occurring virus at number one:
The longstanding Zafi-D worm accounts for more than a quarter of
all viruses reported to Sophos so far this year. Dominating the top
of the monthly virus charts for the first four months, this
Hungarian worm uses the guise of a Christmas greeting
to trick users into opening its infected attachment.
"Most surprising is that Zafi-D managed to hang around long
after the festive season and well into the Spring," said Graham Cluley, senior
technology consultant at Sophos. "It's only in the last two months
that Zafi-D has started to lose its stranglehold on the chart, but
it's still a significant threat."
The bilingual Sober-N, which takes third place on the six-month
chart having first emerged in May, stormed to the top of the virus
chart last month - finally knocking Zafi-D from the top spot.
Posing as tickets to the 2006 World Cup in Germany, Sober-N
compromised thousands of PCs in 40 countries.
Sober-N waited silently in the background of infected PCs,
before upgrading itself to a newer version in order to churn out German nationalistic
spam from the compromised, 'zombie' computers.
"The Sober family of worms show just how much damage can now be
done through a zombie machine," said Cluley. "The combined effort
of spammers, virus writers and their zombie armies are certainly a
force to be reckoned with. Increasingly, legitimate organisations
are being thrown into the firing line - finding themselves being
identified as sources of spam."
"The threats are consolidating - it's becoming more blurred as to
whether something is a spam, a spyware, a phish, or a virus
problem. Businesses must ensure they are protected against all of
these threats," continued Cluley. "Furthermore, it makes sense to
source your security solution from a vendor who has expertise in
all of these areas in-house - allowing nothing to slip through the
Another old-timer, Netsky-P, which was the hardest-hitting virus
of 2004, has enjoyed an extremely long reign near the top of the
virus chart so far in 2005. German teenager Sven Jaschan, who
admitted writing the
Netsky and Sasser worms more than a year ago, will face trial
next week for computer sabotage, data manipulation and disruption
of public systems.
"Even though Jaschan's worms continue to spread and cause
problems for many computer users, he's likely to avoid a prison
sentence because of his age," said Cluley. "When comparing a dumb
teenager with other internet criminals who plot to steal millions
of credit card details or bank account information from infected
PCs, it's clear who should get the harsher sentences."
2005 has so far seen several highly publicised arrests relating
to computer crime. In May, Israeli police managed to track down a
London-based couple, who were arrested for writing malicious
software that was used by Israeli companies to spy on their
competitors. The previous month saw the arrest of a Cypriot man
who spied on a 17-year-old girl via her webcam after infecting her
PC with a Trojan horse. A similar scenario resulted in a Spanish student being
Sophos has seen a threefold increase in the number of keylogging
Trojans so far this year. Trojans are delivered to target
organisations via email attachments or links to websites. They are
often used by remote hackers to steal privileged information and,
very often, to launch further attacks. In June, an NISCC investigation, which
Sophos assisted with, found that nearly 300 UK government
departments and businesses have been the subject of Trojan horse
"What we are witnessing is a stampede of new Trojan horses every
day," said Cluley. "Although some familiar worms have a tight grip
on the charts, the growth in Trojan horses is perhaps the most
significant development in malware-writing. Trojans don't normally
make the charts because they don't spread under their own steam,
and are increasingly being used for targeted attacks designed to
make money or steal information."
The prevalence of organised computer crime is higher than ever.
The attempted breach at the Sumitomo Mitsui bank in London and the
are prime examples of the continued trend towards financially
motivated computer crime.
Variants of the Mytob worm are also prevalent in the chart at
sixth and eighth places. More recent versions of the worm have
adopted a new trick, most commonly used by phishers, which includes
a faked web link pointing to the malicious code. Each new Mytob
variant has been tweaked slightly differently, which indicates that
the authors may be searching for the elements of their malicious
code that will help them create a super worm. Sophos believes that
it is unlikely that we have seen the last of this family of
The total number of viruses protected against by Sophos now
stands at 106,218.
Graphics of the above top ten virus chart are available here.