Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Sophos : 3 year old worm accounts for almost a quater of email-borne malware

February 2010 by Sophos

IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during November 2007.

The study, compiled by Sophos’s global network of monitoring stations, has shown that old-timer, Traxg, has leapt to number two in the chart, accounting for nearly 25 percent of all recorded email-borne malware in November, despite first being detected more than three years ago in October 2004. Pushdo once again topped the chart in November, in a month that has seen the malware author continue to release a number of variants, including the latest offering - a naked video of Britney Spears - in an attempt to entice and dupe unwary users.

The top ten list of email-based malware threats in November 2007 reads as follows:

1. Troj/Pushdo 29.3%
2. W32/Traxg 23.6%
3. W32/Netsky 17.8%
4. Mal/Dropper 5.4%
5. W32/Zafi 5.0%
6. W32/Mytob 4.8%
7. W32/Flcss 3.3%
8. W32/MyDoom 2.9%
9. W32/Strati 2.8%
10. W32/Bagle 1.0%

Others 5.1%

"Traxg hurtling into second position this month has come as a complete surprise, and the fact that unsophisticated worms are still slipping through the net at such a rate of knots is a clear indication that huge numbers of users, and potentially companies, are failing to install even basic anti-virus protection," said Graham Cluley, senior technology consultant at Sophos. "In first place, Pushdo continues to wreak havoc. A clear reason for its ongoing success is the guilty cybercriminal’s ability to quickly create different variants, which are being spread voraciously in a range of spam messages. Each new piece of spam that harbours the trojan has been created to tempt users, and whether it’s enticing them to watch videos of Britney or view naked pictures of Angelina, this fraudster’s tactics are certainly working."

Overall in November, 0.1 percent of emails were carrying malicious email attachments, or one in every 1,000. Meanwhile, web attacks have risen this month, with Sophos detecting 7,500 new infected webpages every day, an increase of more than a third when compared to the same period in October.

The top ten list of web-based malware threats in November 2007 reads as follows:

1. Mal/Iframe 69.6%
2. Mal/ObfJS 11.6%
3. Troj/Unif 3.7%
4. Troj/Decdec 2.3%
5. Troj/Fujif 1.2%
6. W32/Feebs 1.0%
7= Troj/Unsc 0.7% new entry
7= Mal/Packer 0.7%
9. Mal/Behav 0.6%
10. Mal/FunDF 0.5%

Others 8.1%

Mal/Iframe once again topped the chart this month, accounting for more than two thirds of all infected web pages found in November, with Mal/ObfJS also maintaining its position in second place. Elsewhere in the chart, Unsc, a Trojan that attempts to download malicious code from the web, has made a first appearance at number seven. Meanwhile, webpages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more than 50 percent of this month’s infected webpages.

The top ten list of countries hosting malware-infected webpages in November 2007 reads as follows:

1. China 55.2%
2. United States 19.7%
3. Russia 11.4%
4. Ukraine 2.0%
5. Germany 1.6%
6. Turkey 1.4% new entry
7. Canada 0.8%
8= United Kingdom 0.7% new entry
8= Poland 0.7% new entry
10. France 0.6% new entry

Others 5.9%

"The big three - China, the US and Russia - continue to dominate the chart, accounting for more than 85 percent of all infected webpages world-wide," continued Cluley. "Despite this, the fluctuation in the rest of the chart, highlighted by the four new entries this month, shows that this is very much a global problem. To stop it turning into a major pandemic, web hosts throughout the world would be well advised to clean up their sites and quash the hackers by installing web security protection."

See previous articles


See next articles