Top ten malware threats and hoaxes reported to Sophos in December 2006

Sophos Press Release

New Year's greeting worm topples Stratio as most prevalent malware

Sophos, a world leader in IT security, has revealed the most prevalent malware threats and email hoaxes causing problems for computer users around the world during December 2006.

The figures, compiled from Sophos's global network of monitoring stations, show that the long-established Dref malware has made an unexpected return to the top of the threat chart, thanks to two new variants currently causing problems for computer users worldwide.

The Dref-V mass-mailing worm, which poses as a New Year e-card, was discovered on December 30, 2006, and by the following day accounted for 93.7% of infected emails. As a result, Dref - which was first seen in July 2005 - has knocked last month's main offender Stratio (also known as Stration) off the top of the chart. Stratio, currently in fourth place, now accounts for just 7.8% of the total.

The top ten list of malware threats in December 2006 reads as follows:

Position Last
Virus Percentage of reports
1 New Dref
2 2 Netsky
3 8 Mytob
4 1 Stratio
5 3 Bagle
6 4 Zafi
7 6 MyDoom
8 9 Sality
9 6 Nyxem
10 New StraDl
Others 5.8%

"Dref has been spammed out far and wide in the last few days, and there's a danger that in the rush to get through the backlog of holiday emails, people might return to work and accidentally launch the malicious attachment," said Carole Theriault, senior security consultant at Sophos. "Its social engineering tactics are not new, so most businesses should have adequate defenses in place to tackle the worm. Having spread for only two days during the entire month, it is astonishing that Dref has secured the top position for most widespread piece of malicious code."

The proportion of infected email continues to remain low, at just one in 337 (0.30%), while during December Sophos identified 6,251 new threats, bringing the total number of malware protected against to 207,684.

The top ten hoaxes and chain letters in December 2006 were as follows:

Position Hoax Percentage of reports
1 Hotmail hoax
2 Olympic torch
3 Elf Bowling
4 Applebees Gift Certificate
5 Sainsbury's gift vouchers
6 Bonsai kitten
7 A virtual card for you
8 ATM Theft
9 Meninas da Playboy
10 Budweiser frogs screensaver
Others 40.9%

Graphics of the above top ten malware chart are available.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at