The Month of Malicious Spam: Fraudsters Step up Attempts to Infect PC Users

    Sophos Announces Top 10 Web and Email Borne Threats for August 2007

    BOSTON, September 4 /CNW/ - Sophos, a world leader in IT security and
control, has revealed the most prevalent malware threats causing problems for
computer users around the world during August 2007.

    The figures, compiled by Sophos's global network of monitoring stations,
show a dramatic drop in malware spreading in the form of email attachments,
with just one infected message in every 1,000 emails in August, compared to
one in 322 during the first six months of 2007.

    Spam, however, has continued to be a problem - much of it linking to
malicious websites designed to infect users. A series of large-scale attacks
have been made via spam email, directing users to infected webpages with the
promise of ecards, pictures of nude celebrities, YouTube movies and pop music
videos. People visiting these sites are running the risk of having their PCs
infected by malicious code, which can then steal personal information, spam
out more malware and junk email, or launch distributed denial of service
attacks against innocent parties.

    The total number of infected webpages continues to grow, although at a
slightly slower rate than the month before. During August, Sophos detected an
average of 5,000 new infected webpages each day, compared to 6,000 in July.

    There was also a sharp spike in spam activity in the middle of August due
to one of the world's largest ever single spam campaigns, which was designed
to manipulate stock prices.

    The top 10 list of web-based malware threats in August 2007 includes:

    1. Mal/Iframe       47.8%
    2. Mal/ObfJS        17.7%
    3. Troj/Decdec      14.0%
    4. Troj/Fujif       4.3%
    5. Mal/EncPk        2.5%
    6. Troj/Psyme       2.2%
    7. Mal/Packer       1.1%
    8. Troj/Pintadd     1.0%
    9. VBS/Redlof       0.7%
    10. Mal/Behav       0.5%

        Others          8.2%

    Mal/Iframe and ObfJS have retained their positions at the top of the
chart, while Decdec has crept up to third place, accounting for 14 percent of
this month's web-based malware, which is up 11 percent from July.

    "Whether operating a computer for personal use or business use, people
must be aware that cybercriminals are on the prowl using a one-two punch
system that combines regular email scams with sophisticated web-based malware
attacks," said Ron O'Brien, senior security analyst at Boston-based Sophos.
"IT managers, web hosts and ISPs alone cannot defend against malicious attacks
entirely. Users must become better educated about the types of threats out
there, as well as the tools available to protect themselves from such

    The top 10 list of countries hosting malware-infected web pages in August
2007 includes:

    1. China (inc. Hong Kong)   44.8%
    2. United States            20.8%
    3. Russia                   11.3%
    4. Ukraine                  7.7%
    5. Poland                   2.4%
    6. Germany                  1.6%
    7. Netherlands              1.1%
    8. Italy                    0.9%
    9= Canada                   0.8%
    9= United Kingdom           0.8%

      Others                    7.8%

    While the top three countries hosting malware-infected webpages during
August have remained unchanged from July, the percentage of malicious pages
hosted by them has dropped by 10 percent to 76.6 percent. The proportion of
infected pages hosted by the Ukraine has more than doubled in the last month,
and the Netherlands, Italy and Canada have all re-entered the chart.

    The top 10 list of email-based malware threats in August 2007 includes:

    1. W32/Netsky       30.5%
    2. W32/Zafi         20.0%
    3. W32/Mytob        15.0%
    4. Troj/Pushdo      10.8%
    5. Troj/Dloadr      4.8%
    6. W32/MyDoom       4.4%
    7. Mal/Dropper      2.3%
    8. W32/Bagle        2.1%
    9. W32/Sality       1.8%
    10. W32/Traxg       1.2%

      Others            7.1%

    While the Pushdo Trojan horse has been around since March, it is a
newcomer to the top 10, accounting for 10.8 percent of all email borne malware
during August. Its rise can be attributed to the fact that four new variants
of Pushdo are currently being spammed out every day, in a bid to try and
bypass security systems.

    "Sophos has noted throughout the past months that there is a considerable
rise in web-based attacks, while email-only threats are on the decline," said
O'Brien. "Such new delivery techniques are designed to skate by security
filters. However, SophosLabs continues to identify variants of older malware
being released in these scams, making it easier for our technology to detect
and defend against the threats."

    During August, Sophos continued to see hoaxes and chainletters spreading
between internet users via email. One new hoax, which took advantage of the
growing popularity of social networking websites, warned that Facebook users
who accepted a friend invitation from a user called Bum_tnoo7 would be opening
themselves up to identity theft.

    Graphics of the above top ten virus chart are available at

    For more information about safe computing, including anti-hoax policies,
please visit:

    About Sophos

    Sophos is a world leader in IT security and control. Sophos offers
complete protection and control to business, education and government
organizations - defending against known and unknown malware, spyware,
intrusions, unwanted applications, spam, policy abuse and uncontrolled network
access (NAC). Sophos's reliably engineered, easy-to-operate products protect
more than 100 million users in more than 150 countries and are procured
exclusively through channel partners. Through over 20 years' experience and a
global network of threat analysis centers, the company responds rapidly to
emerging threats and achieves the highest levels of customer satisfaction in
the industry. Sophos is a global company with headquarters in Boston, MA, and
Oxford, UK. For more information on Sophos, visit and for the
latest breaking security updates please visit the SophosLabs blog,

For further information:

For further information: Racepoint Group Heather Ailara, 781-487-4650 or Sophos Jennifer Torode, 781-494-5885

Organization Profile


More on this organization

Custom Packages

Browse our custom packages or build your own to meet your unique communications needs.

Start today.

CNW Membership

Fill out a CNW membership form or contact us at 1 (877) 269-7890

Learn about CNW services

Request more information about CNW products and services or call us at 1 (877) 269-7890