Top ten viruses and hoaxes reported to Sophos in February 2006

The report, compiled from Sophos’s global network of monitoring stations, reveals that a Trojan horse, Clagger-G, has infiltrated the chart this month, demonstrating that today’s financially motivated threats use a combination of malware and spam technology. Nyxem-D, dubbed the Kama Sutra worm, has crept up from fourth to second position, showing the success of its erotic camouflage.

The top ten viruses in February 2006 were as follows:

1. Netsky-P 13.9%
2. Nyxem-D 9.3%
3. Bagle-Zip 8.8% Re-entry
4. Zafi-B 8.4%
5. Mytob-FO 6.0%
6. Mytob-EX 3.7%
7. Bagle-CH 2.7% New entry
8. Clagger-G 2.6% New entry
9. Netsky-D 2.4%
10. Mytob-BE 2.3%

Others 39.9%

Nyxem-D was first detected on 18 January and is still gathering momentum, accounting for 9.3% of this month’s reported malware. The email worm uses a variety of pornographic disguises in an attempt to spread and disable security software.

However, this headline-grabbing worm has failed to topple old-timer Netsky-P, which has climbed back to the number one spot after three months in the shadow of Sober-Z, programmed to stop spreading on 6 January 2006. Netsky-P was first detected in March 2004, and has relentlessly blighted unprotected users ever since.

Most interesting is the appearance of Trojan horse, Clagger-G, in the chart this month at number eight, which is a clear demonstration of mass spamming holding its own against self-spreading malware.

“In order for this Clagger Trojan to make an appearance in the top ten, it must have been spammed out to millions and millions of email addresses worldwide,” said Carole Theriault, senior security consultant at Sophos. “Trojan horses, which cannot spread on their own, account for roughly two-thirds of all reported malware. Rather than mass bombardment, most Trojan creators focus on small targeted groups to pilfer cash and sensitive information.”

Bagle-Zip has burst into the chart at number three, while Bagle-CH, first detected on 7 February, has entered the chart at number seven.

“Businesses and individuals without computer protection in place are living in cloud-cuckoo-land – these worms can wreak havoc on a network but are easily controlled if an effective security policy is in place,” continued Theriault.

Sophos’s research shows that 1.1% or one in 90 emails is viral. The company now identifies and protects against a total of 119,192 email threats, an increase of 1,132 on last month.

The top ten hoaxes and chain letters in February 2006 were as follows:

1. Hotmail hoax 15.5% 20th month at number one
2. A virtual card for you 9.4%
3. Meninas da Playboy 7.5%
4. Bonsai kitten 7.2%
5. Budweiser frogs screensaver 4.8%
6. MSN is closing down 3.8%
7. Olympic torch 3.3% New entry
=7. WTC Survivor 3.3%
9. Bill Gates fortune 2.9%
10. Applebees Gift Certificate 2.3%

Others 40.0%

“The Olympic Torch hoax is plaguing users this month, riding on the back of worldwide fascination with the Winter Olympics,” continued Theriault. “Many people have panicked when faced with this hoax because it warns users to be wary of emails with the subject line ‘Invitation’ – claiming that it is ‘the most destructive virus ever’. Not only do these emails gobble up bandwidth, they also waste time and genuinely cause some victims to worry unduly.”