Top 10 Viruses and Hoaxes Reported To Sophos in March 2006

Sophos, a world leader in protecting businesses against viruses, spyware and spam, has revealed the top ten viruses and hoaxes causing problems for businesses around the world during the month of March 2006.

The report, compiled from Sophos’s global network of monitoring stations, reveals that whilst the chart is dominated by long-established threats, a Trojan horse has penetrated the top ten for the second consecutive month. This entry of Clagger-I demonstrates that cyber criminals are continually developing new multi-pronged attacks and mass-spamming campaigns to generate illegitimate income.

The top ten malware in March 2006 were as follows:

1. Zafi-B 17.3%
2. Netsky-P 15.3%
3. Nyxem-D 7.9%
4. MyDoom-AJ 4.1% Re-entry
5. Mytob-EX 3.6%
6. Clagger-I 3.4% New entry
7. Mytob-BE 3.1%
=8. Netsky-D 3.0%
=8. Mytob-FO 3.0%
10. Mytob-Z 2.8% Re-entry

Others 36.5%

First seen at the start of March, the Clagger-I Trojan horse was aggressively seeded by its creator using spam technology, in an attempt to infect as many people as possible in the shortest amount of time. Clagger-I was spammed out disguised as an email from PayPal, but a legitimate message from the online payment service, commonly used by eBay users, would never contain an attached executable file.

“All computer users should treat any unsolicited email attachments with extreme caution, or they run the risk of being ripped off,” said Graham Cluley, senior technology consultant at Sophos. “Anyone unfortunate enough to run malicious software could potentially be allowing hackers to gain access to their computer to spy, steal and cause havoc. Users need to savvy-up to reduce the risk of being taken in by greedy, money-grabbing internet criminals.”

The two re-entries this month, MyDoom-AJ in fourth position and Mytob-Z at tenth, were both first detected in April 2005. These worm variants have been absent from the top ten for several months, but this resurgence shows their ongoing potential to cause damage.

“Mytob-Z is a particularly tricky worm – not only can it spread like wildfire, but it plants a backdoor Trojan horse,” continued Cluley. “Once infection has occurred, the unfortunate user’s computer can then be spied upon or used to send spam or launch denial of service attacks. The worm’s re-entry into the chart this month is a further indication of cyber criminals employing malware for their ill-gotten gains. Without a consolidated security solution in place, businesses and home users risk fighting a losing battle against financially motivated threats and leave their computers and networks open to attack.”

Nyxem-D, the Kama Sutra worm, which uses a variety of pornographic disguises in an attempt to spread and disable security software, is at number three this month. Despite the widespread publicity this worm has received since it was first detected in January 2006, it continues to plague and fool users. However, Nyxem-D has failed to topple old-timers Netsky-P and this month’s worst offender, Zafi-B.

Sophos’s research shows that 0.9% or one in 108 emails is viral. The company now identifies and protects against a total of 120,042 email threats, an increase of 850 on last month.

The top ten hoaxes and chain letters in March 2006 were as follows:

1. Olympic torch 16.2%
2. Hotmail hoax 11.1%
3. Music Top 50 9.9% New entry
4. Bonsai kitten 5.7%
=4. Budweiser frogs screensaver 5.7%
6. Meninas da Playboy 4.6%
7. MSN is closing down 4.5%
8. A virtual card for you 3.3%
9. Paying for MSN 2.3% New entry
10. Bill Gates fortune 2.1%

Others 34.6%

“The hoax chart has received a shake-up this month, with the Hotmail hoax finally being toppled off the top spot after 20 months, and the arrival of two new entries that seem to be fooling users,” said Cluley. “The Olympic torch chain letter, which warns recipients that their hard disk will be ‘burned’ if a certain attachment is opened, has gathered momentum, leaping up the chart to number one. By instilling panic in users about the safety of their computers, the hoaxer has clearly hit on a raw nerve.”

Don't miss