May 2007 Stats From Sophos

06 Jun 01:14

Sophos reports that 9500 new web pages get infected every day.

The May figures compiled by Sophos's global network of monitoring stations show that infected web pages continue to pose a threat, affecting official government websites as well as other legitimate pages. On average this month, Sophos uncovered 9,500 new infected web pages daily - an increase of more than 1000 every day when compared to April. In total, 304,000 web pages hosting malicious code were identified in May.

The top ten list of web-based malware threats in May 2007 reads as follows:

  1. Mal/Iframe - 65.5 per cent
  2. JS/EncIFra - 6.9 per cent
  3. Troj/Decdec - 6.5 per cent
  4. Troj/Fujif - 3.7 per cent
  5. Troj/Ifradv - 3.0 per cent
  6. VBS/Redlof - 2.2 per cent
  7. Mal/ObfJS - 1.8 per cent
  8. Troj/Psyme - 1.2 per cent
  9. VBS/Roor - 1.0 per cent
  10. VBS/Soraci - 0.9 per cent
Others - 7.3 per cent

Iframe, which works by injecting malicious code onto legitimate web pages, continues to dominate the chart, accounting for almost two thirds of all web-based threats in May. The three newcomers, Redlof, Roor and Soraci, are all appending viruses, infecting, amongst others, HTM, HTML and HTT files. The appearance of these relatively old viruses in the chart illustrates that many web administrators are failing to keep their web sites safe from hackers intent on compromising their pages. It's no longer enough for businesses simply to filter websites based on category - the real nasty attacks are most often found lurking on legitimate web pages.

The top ten list of countries hosting malware-infected web pages in May 2007, reads as follows:

  1. China (incl HK) - 53.2 per cent
  2. United States - 27.4 per cent
  3. Germany - 5.1 per cent
  4. Russia - 3.5 per cent
  5. Thailand - 1.1 per cent
  6. Ukraine - 1.0 per cent
  7. United Kingdom - 0.9 per cent
  8. Taiwan - 0.8 per cent
  9. Canada - 0.6 per cent
  10. S Korea - 0.5 per cent
Others - 5.9 per cent

China, responsible for hosting more than 50 per cent of infected web pages has retained its position at the top of the chart. The country's continued dominance is largely down to increased reports of Iframe, which has been widely reported on unprotected Chinese web pages.

Thailand has entered the chart for the first time at number five. Sophos research found that many of the infected web pages hosted in Thailand are on government websites that have been infected by malware.

The top ten list of email-based malware threats in May 2007 reads as follows:

  1. W32/Sober - 29.0 per cent
  2. W32/Netsky - 26.9 per cent
  3. W32/Mytob - 13.1 per cent
  4. W32/Stratio - 6.1 per cent
  5. W32/MyDoom - 4.1 per cent
  6. W32/Zafi - 3.9 per cent
  7. Mal/Behav - 3.8 per cent
  8. W32/Sality - 3.8 per cent
  9. W32/Bagle - 3.3 per cent
  10. W32/Nyxem - 1.8 per cent
Others - 4.2 per cent

In May, Sober was the most prevalent email-borne attack, toppling Netsky from its top position and accounting for almost one third of all threats. Sober's dominance in the chart is primarily due to a huge outbreak on May 1st that coincided with May Day across Europe. During this 24-hour period, Sober accounted for nearly 70 per cent of all infected email.

Related links: (Open in a new window.)
www.sophos.com/

Taken from Information Security Bulletin.