Sophos charts virus activity for first six months of 2005
Lynnfield, MA - Sophos, a global leader in network security, has
released the results of its comprehensive research of virus
activity over the first six months of 2005. Thus far Sophos has
detected and protected against 7,944 new viruses - a 59% increase
when compared to the first six months of 2004.
In line with this substantial increase in virus writing is the
rapidly decreasing average time to infection. There is now a 50%
chance of being infected by an internet worm within just 12 minutes
of being online using an unprotected, unpatched Windows PC.
For the first six months of 2005 the top ten viruses, as
recorded by the SophosLabs™ global network of virus and spam
analysis centers, are as follows:
The longstanding Zafi-D worm accounts for more than a quarter of
all viruses reported to Sophos to date. Dominating the top of the
monthly virus charts for the first four months, this Hungarian worm
uses the guise of a Christmas greeting to trick users into opening
its infected attachment.
"It's really amazing that even though the holiday season has
long passed, Zafi-D has managed to stick around," said Gregg Mastoras, senior
security analyst with Sophos. "Over the last two months, we've seen
a decrease in reports but it's still very much a threat."
The bilingual Sober-N, which takes third place on the six-month
chart, having first emerged in May, catapulted to the top of the
virus chart last month - finally knocking Zafi-D from the top
Posing as tickets to the 2006 World cup in Germany, Sober-N
compromised thousands of PCs in more than 40 countries.
Sober-N waited silently in the background of infected PCs,
before upgrading itself to a newer version in order to send out
German nationalistic spam from the compromised, 'zombie'
"The Sober family of worms is an example of how damaging the
collaborative efforts between virus writers and spammers can be,
hijacking the computers of legitimate organizations to create
'zombies,' whose purpose is to perpetuate the generation of more
spam," continued Mastoras. "Organizations are being victimized and
likely being identified as a source of spam, endangering
reputations and potentially causing their email to be blocked by
Sophos has seen a threefold increase in the number of keylogging
Trojans so far this year. Trojans are delivered to targeted
organizations via email attachments or links to websites. They are
often used by remote hackers to steal privileged information and
very often, to launch further attacks. In June, an NISCC
investigation, which Sophos assisted, found that nearly 300 UK
government departments and core businesses were the subject of
Trojan horse attacks.
"We are seeing a large amount of new Trojan horses on a daily
basis, representing what may be the most significant development in
malware writing," Mastoras said. "Trojans typically don't make the
charts because they do not spread on their own and are used for
targeted attacks, which are designed to make money or steal
The total number of viruses protected against by Sophos now
stands at 106,218.
Graphics of the above Top Ten virus chart are available here.