Sophos has published their list of the most prevalent malware threats causing problems for computer users around the world during April 2007.

The figures compiled by Sophos's global network of monitoring stations, reveal that cybercriminals are currently preferring to spread their malware via the web than by email. 245,790 webpages hosting malicious code were identified in April, averaging at 8,193 infected webpages each day.

The top ten list of web-based malware threats in April 2007 reads as follows:

1. Mal/Iframe - 44.7 per cent
   
2. JS/EncIFra - 19.7 per cent
   
3. Troj/Fujif - 10.0 per cent
   
4. Troj/Psyme - 8.7 per cent
   
5. Troj/Decdec - 5.3 per cent
   
6. Troj/Ifradv - 4.0 per cent
   
7. Mal/Packer - 1.0 per cent
   
8. Mal/FunDF - 0.7 per cent
   
9. Mal/ObfJS - 0.5 per cent
   
10. Mal/Behav - 0.4 per cent

Others - 5.0 per cent

Mal/Iframe dominated the web-based malware chart in April, accounting for nearly half of the world's web threats. Iframe-based malware operates like a growing number of web-based attacks, looking for vulnerabilities on legitimate hosted websites and injecting malicious code onto the site. Once the site is infected, unwary visitors without web security, firewall or patches on their PCs, can themselves be infected.

"The Iframe-based attacks are a perfect example of a prolific web threat that targets vulnerable sites - it doesn't care whether the site is hosting pornography or gardening tips," said Carole Theriault, senior security consultant at Sophos. "This problem is not just a niggle: Sophos research shows that a whopping 70 per cent of web-based malware is being hosted on innocent but exploited web sites. With people being lured to these innocent but compromised webpages via cleverly worded email invitations, web security has to go beyond blocking web sites based upon category alone. A secure web defence will also scan pages for malicious content, regardless of whether they are on a site you would normally consider 'safe'."

The top ten list of countries hosting malware-infected websites in April 2007, reads as follows:

1. China (including Hong Kong) - 56.4 per cent
   
2. United States - 28.3 per cent
   
3. Russia - 5.4 per cent
   
4. Germany - 3.4 per cent
   
5. France - 1.2 per cent
   
6. Canada - 0.7 per cent
   
7. South Korea - 0.6 per cent
   
8. Ukraine - 0.5 per cent
   
9. Netherlands - 0.4 per cent
   
10. United Kingdom - 0.4 per cent

Others - 2.7 per cent

In April, China and Hong Kong were responsible for hosting more than half of the infected websites identified by Sophos, a significant increase when compared to March, when they were hosting 36 per cent. China's rise in the chart is primarily due to the country hosting a large proportion of unpatched sites infected with this Iframe malware. However, 90 per cent of all detected Hong Kong-based hacked websites were infected with Psyme.

"The UK has fallen from fifth in March to tenth position this month," continued Theriault. "This is more a sign of hackers finding a mountain of unpatched websites in China and the States rather than the UK being successful at cleaning up its sites. It would be great to see the UK fall completely from this list. If you are running a website, make sure your web server and software are patched against vulnerabilities."

The top ten list of email-based malware threats in April 2007 reads as follows:

1. W32/Netsky - 24.7 per cent
   
2. W32/Dref - 24.0 per cent
   
3. W32/Mytob - 15.6 per cent
   
4. W32/Stratio - 12.3 per cent
   
5. W32/Zafi - 5.2 per cent
   
6. W32/Sality - 3.7 per cent
   
7. W32/MyDoom - 3.6 per cent
   
8. W32/Bagle - 3.0 per cent
   
9. W32/Nyxem - 1.6 per cent
   
10. Troj/Small - 0.9 per cent

Others - 5.4 per cent

The list shows that while Netsky has held onto the number one spot for email-borne threats, Dref has shot back into the chart at number two, accounting for 24 per cent of all malware spread via email.

Related links: (Open in a new window.)
www.sophos.com/pressoffice/imggallery/topten/

View printable version (opens in new window)
Back