Top ten malware threats and hoaxes reported to Sophos in April 2006

Sophos Press Release

Days appear numbered for mass-mailing worms as Trojans amount to 86% of discovered threats

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten malware threats and hoaxes causing problems for businesses around the world during the month of April 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that Netsky-P, which recently celebrated its second birthday, has returned to the top of the virus chart, replacing Zafi-B, which Sophos first protected against 22 months ago. However, as a proportion of all malware, email viruses and worms continue to decline: 86% of the threats discovered by Sophos during April were Trojan horses, used by hackers to download malicious code, spy on users, steal information or gain unauthorised access to computers.

The top ten viruses in April 2006 were as follows:

Position Last
Malware Percentage of reports
Others 35.8%

"While email worms occupy the top spots, it's clear that Trojan horses represent by far the most prominent threat to IT security," said Carole Theriault, senior security consultant at Sophos. "Trojans are constantly being fine-tuned by hackers to catch out specific targets. As they are likely to be more difficult to identify, there's a danger that more individuals will make the mistake of clicking on an unsolicited attachment or a dubious weblink."

In addition, Sophos found that at least 28% of threats reported during April allow an unauthorized third party to access the computer remotely - further evidence that hackers are now primarily motivated by financial or data theft rather than simply to cause disruption.

The fact that fewer mass-mailing worms are being created, while cybercriminals focus their efforts on smaller, targeted attacks, has meant that long-established threats continue to dominate the top ten. This proves that many computer users are still failing to update their protection and remove the risk of infection from these old nasties.

"It's astonishing that Netsky-P is still going strong 25 months on, and users with insufficient malware protection must take the brunt of the blame for giving it this continued lease of life," continued Theriault. "While greater education is helping bring some users up-to-speed on IT security threats, Netsky and Zafi continue to linger, and many may wonder if Microsoft will strike the killer blow to these worms when it releases its Windows Vista operating system in 2007."

Security has long been publicised as the major addition in the next instalment of Microsoft's widely-used Windows operating system. However, details are still emerging as to how all-encompassing the new Vista security features will be, or the potential impact on malware designed for older versions of Windows.

"It's important to remember that as older threats are vanquished, others will undoubtedly take their place," explained Theriault. "Mass-mailing worms may be in decline, but it's highly unlikely that they will disappear entirely - the introduction of a major new operating system may even spark a new wave of threats, as virus writers try to find holes in the product."

Elsewhere in the virus chart, there are re-entries for two Mytob variants, Mytob-C and Mytob-AS, while another email worm, Dolebot-A, enters the chart for the first time in ninth position, accounting for 2.2% of all viruses reported. Sophos's research shows that 0.7% or one in 141 emails is viral. The company now identifies and protects against a total of 121,096 threats, an increase of 1054 on last month.

The top ten hoaxes and chain letters in April 2006 were as follows:

Position Hoax Percentage of reports
1 Hotmail hoax
2 Music Top 50
3 Olympic torch
4 Meninas da Playboy
5 Bonsai kitten
6 MSN is closing down
7 Justice for Jamie
8 Budweiser frogs screensaver
9 Bill Gates fortune
10 Paying for MSN

"It's a return to the top of the charts for the Hotmail hoax this month, while the Dutch language Music Top 50 chain letter has grown in prevalence, clogging bandwidth and wasting computer users' time," said Theriault. "The chain letter purports to be from a new television programme, and falsely promises a free Discman for recipients that forward on the email to others. Given that we're now firmly in the age of the iPod, it's surprising that such outdated hoaxes continue to fool people - our advice is if an offer sounds too good to be true, it probably isn't the real deal."

Sophos has made available a free, constantly updated RSS information feed which means users can always find out about the latest viruses and hoaxes.

Graphics of the above top ten virus chart are also available.

For more information about the latest trends in viruses, spyware and spam, read the in-depth Sophos Security Threat Management Report 2005.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at