Top ten malware threats and hoaxes reported to Sophos in May 2006

Sophos Press Release

Viruses and worms account for just 12.3% of all malware

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the most prevalent malware threats and hoaxes causing problems for businesses around the world during May 2006.

The report, compiled from Sophos's global network of monitoring stations, reveals that the Netsky-P worm, first seen in March 2004, remains the most widespread piece of malware spreading via email. The family of Mytob worms are also causing multiple infections, with five variants appearing in the top ten.

Sophos identified 1,538 new threats in May, bringing the total of malware protected against to 122,634. The majority of the new threats (85.1%) were Trojan horses, while just 12.3% were worms or viruses.

The proportion of email which is virus infected has dropped considerably over the last year as hackers have turned from mass-mailing attacks to targeted Trojan horses. In May 2005, one in every 38 emails was infected, now this number is just one in 141.

The top ten list of malware in May 2006 reads as follows:

Position Last
Malware Percentage of reports
Others 35.2%

"Netsky-P's strong position at the top of the chart shouldn't fool anyone into thinking that the malware problem is in the past. The threat environment is actually becoming much more sinister, as we see more targeted malware attacks use spyware technology to snoop upon individuals and businesses," said Carole Theriault, senior security consultant at Sophos. "Businesses need to think more holistically about their IT defences. Anti-virus protection at both the gateway and the desktop must be accompanied by firewalls, regular security patch upgrades and safe computing best practice."

The top ten hoaxes and chain letters in May 2006 were as follows:

Position Hoax Percentage of reports
1Olympic torch
2Hotmail hoax
3Justice for Jamie
4Bonsai kitten
5Budweiser frogs screensaver
6Meninas da Playboy
7MSN is closing down
8Bill Gates fortune
9MySpace J_Neutron07 virus
10WTC Survivor

"This month's number one, the Olympic Torch hoax, warns recipients that their hard disk will be 'burned' if a certain attachment is opened," said Theriault. "Meanwhile, the popular MySpace online community is beginning to experience hoaxes of its own as members spread bogus warnings to each other. Hoaxes and chain letters like these cause users to panic, and it's wise to remember to always think twice and check the facts before forwarding an email warning."

Graphics of the above top ten virus chart are available.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at