Top ten viruses and hoaxes reported to Sophos in January 2006

Sophos Press Release

Record malware reported this month - primarily financially motivated attacks

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of January 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that a staggering 2,312 new pieces of malware have been recorded this month - an increase of more than a third on December's figures. Following its rampant domination of the chart in December 2005, Sober-Z, while still the worst offender this month, stopped spreading after 6 January, signalling the end of its monopoly. The fall of Sober-Z early in the month has led to a shake-up in the rest of the chart, including the entry of the new Kama Sutra worm (Nyxem-D) and the re-entry of two previously prolific worms.

The top ten viruses in January were as follows:

Position Last
Malware Percentage of reports
Others 26.6%

The Sober-Z worm, which sent itself as an email attachment and attempted to turn off security software on the user's computer, is no longer a concern to users, but the fact that it stopped spreading in the first week of January and still accounts for almost 45% of malware reported to Sophos this month demonstrates the potency of the attack.

Nyxem-D, the Kama Sutra worm, which was first seen on 18 January, propelled itself into the charts this month at number four. The email worm uses a variety of pornographic disguises in an attempt to spread and disable security software. Nyxem-D is also programmed to overwrite files on Friday 3 February.

"In many ways the Kama Sutra worm is a throwback to the days when sexy subject lines and attachment names were often used to tempt users to open the infected file," said Carole Theriault, senior security consultant at Sophos. "The bad news for those who have been infected by the worm is that they run the risk of having their data wiped by its destructive payload on 3 February. This obvious sign of infection is a far cry from the stealth tactics employed by modern cyber criminals, bent on financial gain."

Theriault continued, "The rise of the Kama Sutra worm also shows the importance of educating employees on safe computing practices - whether it's opening joke files, pornography or screensavers, there is always a risk of infection."

Elsewhere in the chart, Netsky-P is hanging on to its top five place, creeping back up to number two this month.

"Some of these worms have been around for years, and should act as a wake up call for businesses and users who don't have adequate protection - these worms are simple to control as long as a consolidated solution is in place, and their spread would have been halted if anti-virus updates were applied," continued Theriault.

Sophos's research shows that 1.4% or one in 70 emails is viral. The company now identifies and protects against a total of 118,060 viruses, an increase of 2,312 on last month. A hefty proportion of the new malware written at the moment is Trojan horses, which are ideal for financially motivated hackers who want to target specific victims, whilst keeping their code firmly beneath the radar.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.

The top ten hoaxes reported to Sophos during January 2006 were as follows:

Position Hoax Percentage of reports
1Hotmail hoax
2A virtual card for you
3Bonsai kitten
4Meninas da Playboy
5Budweiser frogs screensaver
6Applebees Gift Certificate
7Bill Gates fortune
8Mobile phone hoax
9WTC Survivor
10MSN is closing down

"A new chain letter has entered the charts claiming that the MSN will be closed down unless the bogus email is forwarded to family, friends and colleagues," said Theriault. "As always, these chain letters are best deleted as they waste bandwidth."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005:

Download "Sophos Security Threat Management Report 2005"

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at