Sophos' Top 10 Threats for September
Sophos announces top ten Web and email-borne malicious threats for September 2007
BOSTON -- IT security and control firm Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during September 2007.
The figures, compiled by Sophos's global network of monitoring stations, have shown a rise in the percentage of infected email. Overall in September, 0.12 percent of emails were carrying malicious email attachments, or 1 in every 833, compared to 1 in every 1000 during August. This is primarily due to a coordinated campaign by hackers to spam out the Pushdo Trojan horse en masse during the second half of September. The emails, which pose as naked pictures of Hollywood actresses such as Angelina Jolie and "Holly Berry" [sic], carry a malicious payload designed to give criminal hackers control over infected PCs. During a single 24-hour period in the last week of September, Sophos reports that the Pushdo Trojan accounted for almost 4 in every 5 infected emails.
The top ten list of email-based malware threats in September 2007 reads as follows:
W32/Netsky 29.9%
Troj/Pushdo 27.4%
W32/Mytob 9.2%
W32/Zafi 8.3%
Mal/Iframe 6.0%
Mal/Behav 4.6%
W32/MyDoom 4.1%
Mal/Basine 2.5%
W32/Bagle 1.4%
W32/Traxg 1.2%
Other 5.4%
"Using a variety of tempting disguises, versions of the Pushdo Trojan have been spammed out every Wednesday since March, but lately the hackers have stepped up a gear and sent it to innocent computer users at any time on any day of the week," said Graham Cluley, senior technology consultant at Sophos. "Hackers have been trapping users with pictures of celebrities for years - but it's still a social engineering trick that works. What is clear is that hackers have not turned their backs on using email as a vector for attack. Companies and individuals alike must protect their gateways and inboxes with a secure defense, and think before they open unsolicited emails."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024