The return of the three year old worm

(04/12/2007)

According to Sophos, the old-timer Traxg worm has leapt to number two in the chart, accounting for nearly 25 percent of all recorded email-borne malware in November, despite first being detected more than three years ago in October 2004.

Pushdo once again topped the chart in November, in a month that has seen the malware author continue to release a number of variants, including the latest offering - a naked video of Britney Spears - in an attempt to entice and dupe unwary users.

The top ten list of email-based malware threats in November 2007 reads as follows:
1. Troj/Pushdo 29.3%
2. W32/Traxg 23.6%
3. W32/Netsky 17.8%
4. Mal/Dropper 5.4%
5. W32/Zafi 5.0%
6. W32/Mytob 4.8%
7. W32/Flcss 3.3%
8. W32/MyDoom 2.9%
9. W32/Strati 2.8%
10. W32/Bagle 1.0%
Others 5.1%

Overall in November, 0.1 percent of emails were carrying malicious email attachments, or one in every 1,000. Meanwhile, web attacks have risen this month, with Sophos detecting 7,500 new infected webpages every day, an increase of more than a third when compared to the same period in October.

The top ten list of web-based malware threats in November 2007 reads as follows:
1. Mal/Iframe 69.6%
2. Mal/ObfJS 11.6%
3. Troj/Unif 3.7%
4. Troj/Decdec 2.3%
5. Troj/Fujif 1.2%
6. W32/Feebs 1.0%
7= Troj/Unsc 0.7% new entry
7= Mal/Packer 0.7%
9. Mal/Behav 0.6%
10. Mal/FunDF 0.5%
Others 8.1%

Mal/Iframe once again topped the chart this month, accounting for more than two thirds of all infected web pages found in November, with Mal/ObfJS also maintaining its position in second place. Elsewhere in the chart, Unsc, a Trojan that attempts to download malicious code from the web, has made a first appearance at number seven. Meanwhile, webpages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more than 50 percent of this month's infected webpages.

The top ten list of countries hosting malware-infected webpages in November 2007 reads as follows:
1. China 55.2%
2. United States 19.7%
3. Russia 11.4%
4. Ukraine 2.0%
5. Germany 1.6%
6. Turkey 1.4% new entry
7. Canada 0.8%
8= United Kingdom 0.7% new entry
8= Poland 0.7% new entry
10. France 0.6% new entry
Others 5.9%

"Traxg hurtling into second position this month has come as a complete surprise, and the fact that unsophisticated worms are still slipping through the net at such a rate of knots is a clear indication that huge numbers of users, and potentially companies, are failing to install even basic anti-virus protection," said Graham Cluley, senior technology consultant at Sophos. "In first place, Pushdo continues to wreak havoc. A clear reason for its ongoing success is the guilty cybercriminal's ability to quickly create different variants, which are being spread voraciously in a range of spam messages. Each new piece of spam that harbours the trojan has been created to tempt users, and whether it's enticing them to watch videos of Britney or view naked pictures of Angelina, this fraudster's tactics are certainly working."

"The big three - China, the US and Russia - continue to dominate the chart, accounting for more than 85 percent of all infected webpages world-wide," continued Cluley. "Despite this, the fluctuation in the rest of the chart, highlighted by the four new entries this month, shows that this is very much a global problem. To stop it turning into a major pandemic, web hosts throughout the world would be well advised to clean up their sites and quash the hackers by installing web security protection."

Related topics:  Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources