In this section

• Home
• Press office
• News archive
• Articles
• 2007
• 08

• Journalists' guide
• News archive

Talk to our experts

• Press contacts

Resources

• Sophos Podcasts
• Image gallery
• Customer case studies
• Free anti-virus
• White papers
• Awards and reviews
• Industry affiliations

Sophos blogs

• SophosLabs blog
• Graham Cluley's blog
• Paul Ducklin's blog
• Chet's blog

Info feeds

• Security news
• Company news
• More...

What are info feeds?

1 August 2007

Drive-by downloads remain cybercriminals' favorite web threats Sophos announces top ten web and email-borne threats for July 2007

Sophos, a world leader in IT security and control, has revealed the most prevalent malware threats causing problems for computer users around the world during July 2007.

The figures, compiled by Sophos's global network of monitoring stations, show a significant rise in the prevalence of the Mal/ObfJS family of web threats - up from just 1.8 percent last month to 17.3 percent this month. Despite this growth, Mal/ObjJS has not been able to dislodge Mal/Iframe from its number one position, accounting for more than half of all web threats seen by Sophos.

Top ten web threats

The top ten list of web-based malware threats in July 2007 reads as follows:

Position	Malware	Percentage of reports
1	Mal/Iframe	56.0%
2	Mal/ObfJS	17.3%
3	Troj/Psyme	10.4%
4	Troj/Decdec	3.5%
5	Troj/Fujif	1.9%
6	Mal/Zlob	1.1%
7	VBS/Edibara	0.9%
8	Mal/Packer	0.8%
9=	Mal/Behav	0.4%
9=	VBS/Redlof	0.4%
Others		7.3%

Experts at SophosLabs™ note that the prominence of both threats in the top ten emphasises the popularity of the drive-by download technique with cybercriminals, as well as continued growth in the use of obfuscated Javascripts in compromising sites.

"The security dangers of the web still aren't fully registering with a great many businesses - this is providing rich pickings for hackers hell-bent on gaining access to sensitive information," said Carole Theriault, senior security consultant at Sophos. "It's no surprise to see legitimate webpages targeted for these attacks - businesses generally aren't too strict about stopping their employees accessing these websites, while the sites themselves will already have their own daily flow of user traffic, saving hackers the trouble of trying to entice unenlightened web surfers."

Top malware-hosting countries

The top ten list of countries hosting malware-infected webpages in July 2007, reads as follows:

Position	Country	Percentage of reports
1	China (inc. Hong Kong)	49.8%
2	United States	21.8%
3	Russia	14.7%
4	Ukraine	3.2%
5	Germany	1.2%
6	Brazil	1.0%
7=	United Kingdom	0.8%
7=	Taiwan	0.8%
8=	Canada	0.6%
8=	Poland	0.6%
Others		5.5%

China has again retained its position as the primary nation responsible for hosting malware-infected webpages. Interestingly, the number of pages hosted by Russia has increased substantially since June 2007, where it stood at just 3.5 percent. This can be explained by the large number of Mal/Iframe and Mal/ObfJS-infected webpages in Russia that have been compromised to serve as drive-by sites.

"Last month Italy made the top ten - now it has disappeared and Russia is the main nation on the rise," continued Theriault. "It's important for countries to recognise that hackers don't have preferred locations for malware-hosting. They'll target any vulnerable web hosts that they can find, irrespective of country, meaning that no nation is immune to the threat. The only way for businesses to mitigate against the danger is by deploying up-to-date security solutions and ensuring that internet users don't jeopardise their networks through irresponsible online behavior."

Top ten email threats

The top ten list of email-based malware threats in July 2007 reads as follows:

Position	Last month	Malware	Percentage of reports
1	1	W32/Netsky	27.2%
2	2	W32/Mytob	18.3%
3	6	W32/Zafi	12.4%
4	3	Mal/Iframe	9.8%
5	4	W32/MyDoom	5.6%
6	5	W32/Sality	4.1%
7	New	Troj/Agent	3.8%
8=	6	W32/Bagle	3.4%
8=	Re-entry	Mal/Clagger	3.4%
10	New	W32/Strati	1.7%
Others			10.3%

A graphic of the top ten email-based malware chart is available.

A week ago, Sophos published its Security Threat Report July 2007, examining the latest trends in malware, spam and cybercrime.

• Download "Sophos Security Threat Report July 2007"
• Download a podcast on the Sophos Security Threat Report July 2007 now

Top ten hoaxes and chain letters for July 2007

Position	Hoax	Percentage of reports
1	Hotmail hoax	34.7%
2	Olympic torch	6.6%
3	A virtual card for you	3.9%
4	Meninas da Playboy	2.8%
5	Bonsai kitten	2.3%
6	Bill Gates fortune	2.1%
7	Music Top 50	1.7%
8	MSN is closing down	1.6%
9	Budweiser frogs screensaver	1.4%
10	Justice for Jamie	1.3%
Others		41.6%

Sophos experts have compiled simple best practice guides to adopting a multi-layered defense. With blended threats, spam and phishing attacks on the rise it has never been more important to educate end users about how best to protect themselves.

• Bookmark with del.icio.us
• Submit this story to digg
• Submit this story to slashdot

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

See also:

• Listen to Sophos podcasts
• Find out about the latest threats on the SophosLabs blog
• Sign up for free notification of new viruses found in the wild