Sophos announces top ten web and email-borne malicious threats for September 2007 IT security and control firm Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during September 2007.
The figures, compiled by Sophos's global network of monitoring stations, have shown a rise in the percentage of infected email. Overall in September, 0.12 percent of emails were carrying malicious email attachments, or 1 in every 833, compared to 1 in every 1000 during August. This is primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan horse en masse during the second half of September. The emails, which pose as naked pictures of Hollywood actresses such as Angelina Jolie and "Holly Berry" [sic], carry a malicious payload
designed to give criminal hackers control over infected PCs. During a single 24-hour period in the last week of September, Sophos reports that the Pushdo Trojan for almost 4 in every 5 infected emails.
Top ten email threats
The figures, compiled by Sophos's global network of monitoring stations, have shown a rise in the percentage of infected email. Overall in September, 0.12 percent of emails were carrying malicious email attachments, or 1 in every 833, compared to 1 in every 1000 during August. This is primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan horse en masse during the second half of September. The emails, which pose as naked pictures of Hollywood actresses such as Angelina Jolie and "Holly Berry" [sic], carry a malicious payload
designed to give criminal hackers control over infected PCs. During a single 24-hour period in the last week of September, Sophos reports that the Pushdo Trojan for almost 4 in every 5 infected emails.
Top ten email threats
The top ten list of email-based malware threats for September 2007:
Position Lastmonth Malware Percentage of reports
Position Lastmonth Malware Percentage of reports
1 1 W32/Netsky 29.90%
2 4 Troj/Pushdo 27.4%
3 3 W32/Mytob 9.2%
4 2 W32/Zafi 8.3%
5 Re-entry Mal/IFrame 6.0%
6 Re-entry Mal/Behav 4.6%
7 6 W32/MyDoom 4.1%
8 New Mal/Basine 2.5%
9 8 W32/Bagle 1.4%
10 10 W32/Traxg 1.2%
Others 5.4%
"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises, but lately, the cybercriminals have stepped up a gear and begun to spam innocent computer users at any time and on any day of the week," said Carole Theriault, senior security consultant at Sophos. "The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills - but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. It's essential that
companies and individuals alike protect their gateways and inboxes with a secure defence, and think before they open unsolicited emails."
The malicious emails are claiming to contain nude pictures of celebrities like Angelina Jolie.
Top ten web threatsMeanwhile, web attacks are continuing to cause concern for computer users around the world, with the top two threats, Mal/Iframe and ObfJS, accounting for over three quarters of infected webpages. During September, Sophos detected an average of 5,400 new compromised webpages hosting malicious code each day.
The top ten list of web-based malware threats for September 2007:
"The Pushdo Trojan has been spammed out every Wednesday since March 2007 using a variety of enticing disguises, but lately, the cybercriminals have stepped up a gear and begun to spam innocent computer users at any time and on any day of the week," said Carole Theriault, senior security consultant at Sophos. "The trick of tempting users with scantily clad pictures of hot-looking girls is as old as the hills - but people still fall for it. This outbreak underlines that hackers have not turned their backs on using email as a vector for attack. It's essential that
companies and individuals alike protect their gateways and inboxes with a secure defence, and think before they open unsolicited emails."
The malicious emails are claiming to contain nude pictures of celebrities like Angelina Jolie.
Top ten web threatsMeanwhile, web attacks are continuing to cause concern for computer users around the world, with the top two threats, Mal/Iframe and ObfJS, accounting for over three quarters of infected webpages. During September, Sophos detected an average of 5,400 new compromised webpages hosting malicious code each day.
The top ten list of web-based malware threats for September 2007:
Position Lastmonth Malware Percentage of reports
1 1 Mal/IFrame 59.5%
2 2 Mal/ObfJS 17.0%
3 3 Troj/Decdec 3.7%
4 4 Troj/Fujif 3.6%
5 5 Mal/EncPk 1.6%
6= New Troj/Iffy 1.3%
6= 8 Troj/Pintadd 1.3%
7 6 Troj/Psyme 1.0%
8 7 Mal/Packer 0.9%
9 New Troj/Ifradv 0.8%
Others 9.3%
Mal/Iframe continues its dominance at the top of the chart, accounting for almost 6 out of every 10 infected webpages detected by Sophos during September. This is primarily due to the threat's continued success in China. Second in the chart, Mal/ObfJS accounted for 17 percent of compromised webpages. Earlier in the month, Sophos reported that webpages of the US Consulate General in
St.Petersburg, Russia, were compromised by hackers using this malware, despite
the fact that protection has been available since May this year.
"Of course it is seriously worrying when a reputable government site falls victim to a random web attack - it suggests that security is not being taken seriously," said Theriault. "Thankfully, the US Consulate General was most certainly aware of the cyber threat to both its sensitive data and visitors to its website, and the malicious code was removed quickly. What can the rest of us learn from this? Make sure that your site is not vulnerable in the first place, and if disaster does strike, have the tools and the knowledge on hand to spot the attack and clean it up as quickly as
possible."
Top malware-hosting countries
Mal/Iframe continues its dominance at the top of the chart, accounting for almost 6 out of every 10 infected webpages detected by Sophos during September. This is primarily due to the threat's continued success in China. Second in the chart, Mal/ObfJS accounted for 17 percent of compromised webpages. Earlier in the month, Sophos reported that webpages of the US Consulate General in
St.Petersburg, Russia, were compromised by hackers using this malware, despite
the fact that protection has been available since May this year.
"Of course it is seriously worrying when a reputable government site falls victim to a random web attack - it suggests that security is not being taken seriously," said Theriault. "Thankfully, the US Consulate General was most certainly aware of the cyber threat to both its sensitive data and visitors to its website, and the malicious code was removed quickly. What can the rest of us learn from this? Make sure that your site is not vulnerable in the first place, and if disaster does strike, have the tools and the knowledge on hand to spot the attack and clean it up as quickly as
possible."
Top malware-hosting countries
The top ten list of countries hosting malware-infected webpages for September 2007:
Position Lastmonth Country Percentage of reports
Position Lastmonth Country Percentage of reports
1 1 China (inc. HK) 54.9%
2 2 United States 17.1%
3 3 Russia 14.4%
4 4 Ukraine 3.7%
5 6 Germany 1.0%
6= 9= United Kingdom 0.7%
6= 5 Poland 0.7%
6= 7 Netherlands 0.7%
7= Re-entry Czech Republic 0.6%
7= 9= Canada 0.6%
Others 5.6%
China remains top of the chart, hosting more than half of all the infected webpages detected by Sophos during September. The proportion of compromised pages hosted in the US has dropped during the last month from 20.8 percent to 17.1 percent, but the number of infected pages hosted in Russia has increased from 11.3 percent to 14.4 percent. Overall, more than 85 percent of all compromised webpages worldwide are hosted in just three countries. "Ukraine however stands out as a country with a disproportionate number of infected webpages," continued Theriault. "This is likely to be a result of a lack of IT education and available resource to tackle web based malware. Ukrainian authorities should consider raising the profile of the cybercrime threat; through action, education and legislation, Ukraine could disappear completely from the top ten."
Top ten hoaxes and scams During August, Sophos continued to see hoaxes and chain letters spreading between internet users via email.
The top ten list of email hoaxes and scams for September :
Position Hoax Percentage of reports
China remains top of the chart, hosting more than half of all the infected webpages detected by Sophos during September. The proportion of compromised pages hosted in the US has dropped during the last month from 20.8 percent to 17.1 percent, but the number of infected pages hosted in Russia has increased from 11.3 percent to 14.4 percent. Overall, more than 85 percent of all compromised webpages worldwide are hosted in just three countries. "Ukraine however stands out as a country with a disproportionate number of infected webpages," continued Theriault. "This is likely to be a result of a lack of IT education and available resource to tackle web based malware. Ukrainian authorities should consider raising the profile of the cybercrime threat; through action, education and legislation, Ukraine could disappear completely from the top ten."
Top ten hoaxes and scams During August, Sophos continued to see hoaxes and chain letters spreading between internet users via email.
The top ten list of email hoaxes and scams for September :
Position Hoax Percentage of reports
1 A virtual card for you 7.4%
2 Olympic torch 6.1%
3 Hotmail hoax 5.1%
4 Bum_tnoo7 Facebook hacker 5.1%
5 Justice for Jamie 3.5%
6 Bill Gates fortune 2.9%
7 Bonsai kitten 2.7%
8 Heart attacks and warm water 2.2%
9 MSN is closing down 2.0%
10 Music Top 50 1.7%
Others 61.3%
Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.
Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.
Report based on pages from sophos site
No comments:
Post a Comment