informa
/
Attacks/Breaches
News

Sophos: Top 10 Threats for August 2007

Sophos announces top 10 Web and email-borne threats for August 2007
BOSTON -- Sophos, a world leader in IT security and control, has revealed the most prevalent malware threats causing problems for computer users around the world during August 2007.

The figures, compiled by Sophos's global network of monitoring stations, show a dramatic drop in malware spreading in the form of email attachments, with just one infected message in every 1,000 emails in August, compared to one in 322 during the first six months of 2007.

Spam, however, has continued to be a problem - much of it linking to malicious websites designed to infect users. A series of large-scale attacks have been made via spam email, directing users to infected webpages with the promise of ecards, pictures of nude celebrities, YouTube movies and pop music videos. People visiting these sites are running the risk of having their PCs infected by malicious code, which can then steal personal information, spam out more malware and junk email, or launch distributed denial of service attacks against innocent parties.

The total number of infected webpages continues to grow, although at a slightly slower rate than the month before. During August, Sophos detected an average of 5,000 new infected webpages each day, compared to 6,000 in July.

There was also a sharp spike in spam activity in the middle of August due to one of the world's largest ever single spam campaigns, which was designed to manipulate stock prices.

The top 10 list of web-based malware threats in August 2007 includes:

  1. Mal/Iframe 47.8%

  2. Mal/ObfJS 17.7%

  3. Troj/Decdec 14.0%

  4. Troj/Fujif 4.3%

  5. Mal/EncPk 2.5%

  6. Troj/Psyme 2.2%

  7. Mal/Packer 1.1%

  8. Troj/Pintadd 1.0%

  9. VBS/Redlof 0.7%
  10. Mal/Behav 0.5%

    Others 8.2%

Mal/Iframe and ObfJS have retained their positions at the top of the chart, while Decdec has crept up to third place, accounting for 14 percent of this month's web-based malware, which is up 11 percent from July.

"Whether operating a computer for personal use or business use, people must be aware that cybercriminals are on the prowl using a one-two punch system that combines regular email scams with sophisticated web-based malware attacks,” said Ron O’Brien, senior security analyst at Boston-based Sophos. “IT managers, web hosts and ISPs alone cannot defend against malicious attacks entirely. Users must become better educated about the types of threats out there, as well as the tools available to protect themselves from such attacks.”

Sophos plc

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5