Virus writing on the rise as average time to infection spirals down

Sophos Press Release

Sophos charts virus activity for first six months of 2005

Lynnfield, MA - Sophos, a global leader in network security, has released the results of its comprehensive research of virus activity over the first six months of 2005. Thus far Sophos has detected and protected against 7,944 new viruses - a 59% increase when compared to the first six months of 2004.

In line with this substantial increase in virus writing is the rapidly decreasing average time to infection. There is now a 50% chance of being infected by an internet worm within just 12 minutes of being online using an unprotected, unpatched Windows PC.

For the first six months of 2005 the top ten viruses, as recorded by the SophosLabs™ global network of virus and spam analysis centers, are as follows:

Position Malware Percentage of reports

The longstanding Zafi-D worm accounts for more than a quarter of all viruses reported to Sophos to date. Dominating the top of the monthly virus charts for the first four months, this Hungarian worm uses the guise of a Christmas greeting to trick users into opening its infected attachment.

"It's really amazing that even though the holiday season has long passed, Zafi-D has managed to stick around," said Gregg Mastoras, senior security analyst with Sophos. "Over the last two months, we've seen a decrease in reports but it's still very much a threat."

The bilingual Sober-N, which takes third place on the six-month chart, having first emerged in May, catapulted to the top of the virus chart last month - finally knocking Zafi-D from the top spot.

Posing as tickets to the 2006 World cup in Germany, Sober-N compromised thousands of PCs in more than 40 countries.

Sober-N waited silently in the background of infected PCs, before upgrading itself to a newer version in order to send out German nationalistic spam from the compromised, 'zombie' computers.

"The Sober family of worms is an example of how damaging the collaborative efforts between virus writers and spammers can be, hijacking the computers of legitimate organizations to create 'zombies,' whose purpose is to perpetuate the generation of more spam," continued Mastoras. "Organizations are being victimized and likely being identified as a source of spam, endangering reputations and potentially causing their email to be blocked by others."

Sophos has seen a threefold increase in the number of keylogging Trojans so far this year. Trojans are delivered to targeted organizations via email attachments or links to websites. They are often used by remote hackers to steal privileged information and very often, to launch further attacks. In June, an NISCC investigation, which Sophos assisted, found that nearly 300 UK government departments and core businesses were the subject of Trojan horse attacks.

"We are seeing a large amount of new Trojan horses on a daily basis, representing what may be the most significant development in malware writing," Mastoras said. "Trojans typically don't make the charts because they do not spread on their own and are used for targeted attacks, which are designed to make money or steal information."

The total number of viruses protected against by Sophos now stands at 106,218.

Graphics of the above Top Ten virus chart are available here.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at