Sophos announces top ten web and email-borne malicious threats for September 2007
October 2007 by Sophos
IT security and control firm Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during September 2007.
The figures, compiled by Sophos’s global network of monitoring stations, have shown a rise in the percentage of infected email.
Overall in September, 0.12 percent of emails were carrying malicious email attachments, or 1 in every 833, compared to 1 in every 1000 during August. This is primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan horse en masse during the second half of September. The emails, which pose as naked pictures of Hollywood actresses such as Angelina Jolie and "Holly Berry" [sic], carry a malicious payload designed to give criminal hackers control over infected PCs. During a single 24-hour period in the last week of September, Sophos reports that the Pushdo Trojan accounted for almost 4 in every 5 infected emails.
The top ten list of email-based malware threats in September 2007 reads as follows:
1. W32/Netsky 29.9%
2. Troj/Pushdo 27.4%
3. W32/Mytob 9.2%
4. W32/Zafi 8.3%
5. Mal/Iframe 6.0%
6. Mal/Behav 4.6%
7. W32/MyDoom 4.1%
8. Mal/Basine 2.5%
9. W32/Bagle 1.4%
10. W32/Traxg 1.2%
"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises, but lately, the cybercriminals have stepped up a gear and begun to spam innocent computer users at any time and on any day of the week," said Carole Theriault, senior security consultant at Sophos. "The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills - but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. It’s essential that companies and individuals alike protect their gateways and inboxes with a secure defence, and think before they open unsolicited emails."
An image of a typical Pushdo-infected email posing as the pictures of Angelina Jolie can be found here:
Meanwhile, web attacks are continuing to cause concern for computer users around the world, with the top two threats, Mal/Iframe and Mal/ObfJS, accounting for over three quarters of infected webpages.
During September, Sophos detected an average of 5,400 new compromised webpages hosting malicious code each day.
The top ten list of web-based malware threats in September 2007 reads as follows:
1. Mal/Iframe 59.5%
2. Mal/ObfJS 17.0%
3. Troj/Decdec 3.7%
4. Troj/Fujif 3.6%
5. Mal/EncPk 1.6%
6. Troj/Iffy 1.3%
7. Troj/Pintadd 1.3%
8. Troj/Psyme 1.0%
9. Mal/Packer 0.9%
10. Troj/Ifradv 0.8%
Mal/Iframe continues its dominance at the top of the chart, accounting for almost 6 out of every 10 infected webpages detected by Sophos during September. This is primarily due to the threat’s continued success in China. Second in the chart, Mal/ObfJS accounted for 17 percent of compromised webpages. Earlier in the month, Sophos reported that webpages of the US Consulate General in St. Petersburg, Russia, were compromised by hackers using this malware, despite the fact that protection has been available since May this year.
"Of course it is seriously worrying when a reputable government site falls victim to a random web attack - it suggests that security is not being taken seriously," said Theriault. "Thankfully, the US Consulate General was most certainly aware of the cyber threat to both its sensitive data and visitors to its website, and the malicious code was removed quickly. What can the rest of us learn from this? Make sure that your site is not vulnerable in the first place, and if disaster does strike, have the tools and the knowledge on hand to spot the attack and clean it up as quickly as possible."
The top ten list of countries hosting malware-infected webpages in September 2007 reads as follows:
1. China (incl Hong Kong) 54.9%
2. United States 17.1%
3. Russia 14.4%
4. Ukraine 3.7%
5. Germany 1.0%
=6. United Kingdom 0.7%
=9. Czech Republic 0.6%
China remains top of the chart, hosting more than half of all the infected webpages detected by Sophos during September. The proportion of compromised pages hosted in the US has dropped during the last month from 20.8 percent to 17.1 percent, but the number of infected pages hosted in Russia has increased from 11.3 percent to 14.4 percent. Overall, more than 85 percent of all compromised webpages worldwide are hosted in just three countries.
"Ukraine, however, stands out as a country with a disproportionate number of infected webpages," continued Theriault. "This is likely to be a result of a lack of IT education and available resource to tackle web-based malware. Ukrainian authorities should consider raising the profile of the cybercrime threat; through action, education and legislation, Ukraine could disappear completely from the top ten."
For more information about safe computing, including anti-hoax policies, please visit: