Ms Jolie emails blamed for rising monthly malware stats

IT security and control firm Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during September 2007.

The figures, compiled by Sophos's global network of monitoring stations, have shown a rise in the percentage of infected email. Overall in September, 0.12 percent of emails were carrying malicious email attachments, or 1 in every 833, compared to 1 in every 1000 during August. This is primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan horse en masse during the second half of September. The emails, which pose as naked pictures of Hollywood actresses such as Angelina Jolie and "Holly Berry" [sic], carry a malicious payload designed to give criminal hackers control over infected PCs. During a single 24-hour period in the last week of September, Sophos reports that the Pushdo Trojan accounted for almost 4 in every 5 infected emails.

Top ten email threats

The top ten list of email-based malware threats in September 2007 reads as follows:

Position  Last month  Malware      Percentage
1         1           W32/Netsky   29.90%
2         4           Troj/Pushdo  27.4%
3         3           W32/Mytob    9.2%
4         2           W32/Zafi     8.3%
5         Re-entry    Mal/IFrame   6.0%
6         Re-entry    Mal/Behav    4.6%
7         6           W32/MyDoom   4.1%
8         New         Mal/Basine   2.5%
9         8           W32/Bagle    1.4%
10        10          W32/Traxg    1.2%
Others                             5.4%

"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises, but lately, the cybercriminals have stepped up a gear and begun to spam innocent computer users at any time and on any day of the week," said Carole Theriault, senior security consultant at Sophos. "The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills - but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. It's essential that companies and individuals alike protect their gateways and inboxes with a secure defence, and think before they open unsolicited emails."

The malicious emails claimed to contain nude pictures of celebrities like Angelina Jolie.

Top ten web threats

Meanwhile, web attacks are continuing to cause concern for computer users around the world, with the top two threats, Mal/Iframe and ObfJS, accounting for over three quarters of infected webpages. During September, Sophos detected an average of 5,400 new compromised webpages hosting malicious code each day.

The top ten list of web-based malware threats in September 2007 reads as follows:

Position  Last month  Malware       Percentage
1         1           Mal/IFrame    59.5%
2         2           Mal/ObfJS     17.0%
3         3           Troj/Decdec   3.7%
4         4           Troj/Fujif    3.6%
5         5           Mal/EncPk     1.6%
6=        New         Troj/Iffy     1.3%
6=        8           Troj/Pintadd  1.3%
7         6           Troj/Psyme    1.0%
8         7           Mal/Packer    0.9%
9         New         Troj/Ifradv   0.8%
Others                              9.3%

Mal/Iframe continues its dominance at the top of the chart, accounting for almost 6 out of every 10 infected webpages detected by Sophos during September. This is primarily due to the threat's continued success in China. Second in the chart, Mal/ObfJS accounted for 17 percent of compromised webpages. Earlier in the month, Sophos reported that webpages of the US Consulate General in St. Petersburg, Russia, were compromised by hackers using this malware, despite the fact that protection has been available since May this year.

"Of course it is seriously worrying when a reputable government site falls victim to a random web attack - it suggests that security is not being taken seriously," said Theriault. "Thankfully, the US Consulate General was most certainly aware of the cyber threat to both its sensitive data and visitors to its website, and the malicious code was removed quickly. What can the rest of us learn from this? Make sure that your site is not vulnerable in the first place, and if disaster does strike, have the tools and the knowledge on hand to spot the attack and clean it up as quickly as possible."

Top malware-hosting countries

The top ten list of countries hosting malware-infected webpages in September 2007 reads as follows:

Position  Last month  Country          Percentage
1         1           China (inc. HK)  54.9%
2         2           United States    17.1%
3         3           Russia           14.4%
4         4           Ukraine          3.7%
5         6           Germany          1.0%
6=        9=          United Kingdom   0.7%
6=        5           Poland           0.7%
6=        7           Netherlands      0.7%
7=        Re-entry    Czech Republic   0.6%
7=        9=          Canada           0.6%
Others                                 5.6%

China remains top of the chart, hosting more than half of all the infected webpages detected by Sophos during September. The proportion of compromised pages hosted in the US has dropped during the last month from 20.8 percent to 17.1 percent, but the number of infected pages hosted in Russia has increased from 11.3 percent to 14.4 percent. Overall, more than 85 percent of all compromised webpages worldwide are hosted in just three countries.

"Ukraine however stands out as a country with a disproportionate number of infected webpages," continued Theriault. "This is likely to be a result of a lack of IT education and available resource to tackle web based malware. Ukrainian authorities should consider raising the profile of the cybercrime threat; through action, education and legislation, Ukraine could disappear completely from the top ten."

Top ten hoaxes and scams

During August, Sophos continued to see hoaxes and chain letters spreading between internet users via email.

The top ten list of email hoaxes and scams in September 2007 reads as follows:

Position  Hoax or scam                  Percentage
1         A virtual card for you        7.4%
2         Olympic torch                 6.1%
3         Hotmail hoax                  5.1%
4         Bum_tnoo7 Facebook hacker     5.1%
5         Justice for Jamie             3.5%
6         Bill Gates fortune            2.9%
7         Bonsai kitten                 2.7%
8         Heart attacks and warm water  2.2%
9         MSN is closing down           2.0%
10        Music Top 50                  1.7%
Others                                  61.3%

Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.