Top ten viruses and hoaxes reported to Sophos in March 2006

Sophos Press Release

Trojan horse infiltrates chart for second month running

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of March 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that whilst the chart is dominated by long-established threats, a Trojan horse has penetrated the top ten for the second consecutive month. This entry of Clagger-I demonstrates that cyber criminals are continually developing new multi-pronged attacks and mass spamming campaigns to generate illegitimate income.

The top ten malware in March 2006 were as follows:

Position Last
Malware Percentage of reports
Others 36.5%

First seen at the start of March, the Clagger-I Trojan horse was aggressively seeded by its creator using spam technology, in an attempt to infect as many people as possible in the shortest amount of time. Clagger-I was spammed out disguised as an email from PayPal, but a legitimate message from the online payment service, commonly used by eBay users, would never contain an attached executable file.

"All computer users should treat any unsolicited email attachments with extreme caution, or they run the risk of being ripped off," said Graham Cluley, senior technology consultant at Sophos. "Anyone unfortunate enough to run malicious software could potentially be allowing hackers to gain access to their computer to spy, steal and cause havoc. Users need to savvy-up to reduce the risk of being taken in by greedy, money-grabbing internet criminals."

The two re-entries this month, MyDoom-AJ in fourth position and Mytob-Z at tenth, were both first detected in April 2005. These worm variants have been absent from the top ten for several months, but this resurgence shows their ongoing potential to cause damage.

"Mytob-Z is a particularly tricky worm - not only can it spread like wildfire, but it plants a backdoor Trojan horse," continued Cluley. "Once infection has occurred, the unfortunate user's computer can then be spied upon or used to send spam or launch denial of service attacks. The worm's re-entry into the chart this month is a further indication of cyber criminals employing malware for their ill-gotten gains. Without a consolidated security solution in place, businesses and home users risk fighting a losing battle against financially motivated threats and leave their computers and networks open to attack."

Nyxem-D, the Kama Sutra worm, which uses a variety of pornographic disguises in an attempt to spread and disable security software, is at number three this month. Despite the widespread publicity this worm has received since it was first detected in January 2006, it continues to plague and fool users. However, this worm has failed to topple old-timers Netsky-P and this month's worst offender, Zafi-B.

Sophos's research shows that 0.9% or one in 108 emails is viral. The company now identifies and protects against a total of 120,042 email threats, an increase of 850 on last month.

The top ten hoaxes and chain letters in March 2006 were as follows:

Position Hoax Percentage of reports
1Olympic torch
2Hotmail hoax
3Music Top 50
4Bonsai kitten
4Budweiser frogs screensaver
6Meninas da Playboy
7MSN is closing down
8A virtual card for you
9Paying for MSN
10Bill Gates fortune

"The hoax chart has received a shake-up this month, with the Hotmail hoax finally being toppled off the top spot after 20 months, and the arrival of two new entries that seem to be fooling users," said Cluley. "The Olympic torch chain letter, which warns recipients that their hard disk will be 'burned' if a certain attachment is opened, has gathered momentum, leaping up the chart to number one. By instilling panic in users about the safety of their computers, the hoaxer has clearly hit on a raw nerve."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam read the in-depth Sophos Security Threat Management Report 2005:

Download "Sophos Security Threat Management Report 2005" Download the report

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at