Mytob worm grabs first place in 2006's malware chart

Sophos Press Release

Mytob family of worms rule the roost

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten malware threats of the last 12 months in its in-depth report into the year's most pressing security issues.

The 'Sophos Security Threat Report 2007' - which can be downloaded here - was compiled by the experts at SophosLabs™, and reveals that although the proportion of infected email fell from 1 in 44 in 2005 to just 1 in 337 (0.3%) in 2006, there was nevertheless some high-profile malware dropping into users' inboxes. Worms such as Mytob, Netsky and Sober spread widely via email in 2006.

The top ten malware families of the year, reported at Sophos's global network of monitoring stations, are as follows:

Position Malware Percentage
1 W32/Mytob
2 W32/Netsky
3 W32/Sober
4 W32/Zafi
5 W32/Nyxem
6 W32/Bagle
7 W32/MyDoom
8 W32/Stratio
9 Troj/Clagger
10 W32/Dref
Others 5.5%

"The list of top ten malware families reveals that variants of the Mytob worm continue to plague insufficiently protected users around the globe. Mytob first emerged in March 2005, yet people are still being infected by this email-aware worm," said Graham Cluley, senior technology consultant for Sophos. "With thousands of different variants of Mytob, many of which are hidden within bespoke compression code, it is likely to continue to hit unprotected computer users in 2007."

18-year-old Farid Essebar, a Russian-born resident of Morocco, who used the online handle "Diabl0", was sentenced to two years in jail in September for spreading the Zotob worm. Evidence found within some Mytob variants suggests that he was also involved in their creation.

The Sophos security report also unmasks the United States as the number one country for malware hosting and spam-relaying.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at