Three of the top ten malware threats run on Microsoft Vista, Sophos tests show

Sophos Press Release

Sophos announces top ten threats and hoaxes reported in November 2006

Sophos, a world leader in IT security, has revealed the most prevalent malware threats and hoaxes causing problems for computer users around the world during November 2006.

The figures, compiled from Sophos's global network of monitoring stations, show that the W32/Stratio-Zip worm has overtaken W32/Netsky-P as the most widely circulated piece of malware, accounting for one third of the total number of reports.

Sophos experts note that on the launch date of Microsoft's Windows Vista operating system, three of the top ten - including Stratio-Zip - are capable of bypassing the operating system's security defences and infecting users' PCs. The Vista-resistant malware - W32/Stratio-Zip, W32/Netsky-D and W32/MyDoom-O - comprise 39.7% of all malware currently circulating.

The top ten list of malware in November 2006 reads as follows:

Position  Last      Virus             Percentage of reports
1         3         W32/Stratio-Zip
2         1         W32/Netsky-P
3         4         W32/Bagle-Zip
4         8         W32/Zafi-B
5         5         W32/Netsky-D
6         9         W32/Nyxem-D
6         Re-entry  W32/MyDoom-O
8         7         W32/Mytob-C
9         New       W32/Sality-AA
10        Re-entry  W32/Zafi-D
Others                                25.9%

Sophos tested each piece of malware in the top ten on the Vista operating system to establish whether users running Vista without any third-party security software would avoid infection.

The results showed that while the Windows Mail email client (Vista's upgrade of Outlook) was able to identify and halt all of the threats, W32/Stratio-Zip, W32/Netsky-D and W32/MyDoom-O - each of which is commonly disseminated via email - were able to bypass the defences when accessed via a third-party web email client. This represents a serious issue for businesses that allow employees to access their personal email at work, as well as for companies that are considering adopting an alternative email client.

"There has been much speculation about whether Vista would render existing malware extinct, and the news is now in - it won't," said Carole Theriault, senior security consultant at Sophos. "While Microsoft should be commended for the huge security improvements it has made in Vista, running separate security software is still essential to eliminate the risk of infection. On top of this, cyber criminals will already be looking at creating Vista-specific malware. Users need to think carefully about whether their current solution is going to offer sufficient protection against such emerging threats, given that some vendors continue to experience problems adapting their software for the Vista operating environment."

Sophos Anti-Virus for Windows Vista was released in November 2006


The proportion of infected email continues to remain low, at just one in 357 (0.28%), while during November Sophos identified a record number of new threats - 7,612 - bringing the total number of malware protected against to 201,433.

The top ten hoaxes and chain letters in November 2006 were as follows:

Position  Hoax                          Percentage of reports
1         Hotmail hoax
2         Olympic torch
3         Budweiser frogs screensaver
4         Parcel Delivery Service scam
5         A virtual card for you
6         Bonsai kitten
7         Justice for Jamie
8         MSN is closing down
9         Meninas da Playboy
10        Applebees Gift Certificate
Others                                  54.9%

Graphics of the above top ten malware chart are available.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at