Top ten viruses and hoaxes reported to Sophos in February 2006

Sophos Press Release

Trojan horse bursts into chart on back of spammed attack

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of February 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that a Trojan horse, Clagger-G, has infiltrated the chart this month, demonstrating that today's financially motivated threats use a combination of malware and spam technology. Nyxem-D, dubbed the Kama Sutra worm, has crept up from fourth to second position, showing the success of its erotic camouflage.

The top ten viruses in February 2006 were as follows:

Position Last
Malware Percentage of reports
Others 39.9%

Nyxem-D, was first detected on 18 January and is still gathering momentum, accounting for 9.3% of this month's reported malware. The email worm uses a variety of pornographic disguises in an attempt to spread and disable security software.

However, this headline-grabbing worm has failed to topple old-timer Netsky-P, which has climbed back to the number one spot after three months in the shadow of Sober-Z, programmed to stop spreading on 6 January 2006. Netsky-P was first detected in March 2004, and has relentlessly blighted unprotected users ever since.

Most interesting is the appearance of Trojan horse, Clagger-G, in the chart this month at number eight, which is a clear demonstration of mass spamming holding its own against self-spreading malware.

"In order for this Clagger Trojan to make an appearance in the top ten, it must have been spammed out to millions and millions of email addresses worldwide," said Carole Theriault, senior security consultant at Sophos. "Trojan horses, which cannot spread on their own, account for roughly two-thirds of all reported malware. Rather than mass bombardment, most Trojan creators focus on small targeted groups to pilfer cash and sensitive information."

Bagle-Zip has burst back into the chart at number three, while Bagle-CH, first detected on 7 February, has entered the chart at number seven.

"Businesses and individuals without computer protection in place are living in cloud-cuckoo-land - these worms can wreak havoc on a network but are easily controlled if an effective security policy is in place," continued Theriault.

Sophos's research shows that 1.1% or one in 90 emails is viral. The company now identifies and protects against a total of 119,192 threats, an increase of 1,132 on last month.

The top ten hoaxes and chain letters in February 2006 were as follows:

Position Hoax Percentage of reports
1Hotmail hoax
2A virtual card for you
3Meninas da Playboy
4Bonsai kitten
5Budweiser frogs screensaver
6MSN is closing down
7Olympic torch
8WTC Survivor
9Bill Gates fortune
10Applebees Gift Certificate

"The Olympic Torch hoax is plaguing users this month, riding on the back of worldwide fascination with the Winter Olympics," continued Theriault. "Many people have panicked when faced with this hoax because it warns users to be wary of emails with the subject line 'Invitation' - claiming that it is 'the most destructive virus ever'. Not only do these emails gobble up bandwidth, they also waste time and genuinely cause some victims to worry unduly."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005:

Download "Sophos Security Threat Management Report 2005"

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at