The Month of Malicious Spam: Fraudsters Step up Attempts to Infect PC Users

Sophos Announces Top 10 Web and Email Borne Threats for August 2007

The figures, compiled by Sophos's global network of monitoring stations,show a dramatic drop in malware spreading in the form of email attachments,with just one infected message in every 1,000 emails in August, compared toone in 322 during the first six months of 2007.

Spam, however, has continued to be a problem - much of it linking tomalicious websites designed to infect users. A series of large-scale attackshave been made via spam email, directing users to infected webpages with thepromise of ecards, pictures of nude celebrities, YouTube movies and pop musicvideos. People visiting these sites are running the risk of having their PCsinfected by malicious code, which can then steal personal information, spamout more malware and junk email, or launch distributed denial of serviceattacks against innocent parties.

The total number of infected webpages continues to grow, although at aslightly slower rate than the month before. During August, Sophos detected anaverage of 5,000 new infected webpages each day, compared to 6,000 in July.

There was also a sharp spike in spam activity in the middle of August dueto one of the world's largest ever single spam campaigns, which was designedto manipulate stock prices.

    The top 10 list of web-based malware threats in August 2007 includes:    <<    1. Mal/Iframe       47.8%    2. Mal/ObfJS        17.7%    3. Troj/Decdec      14.0%    4. Troj/Fujif       4.3%    5. Mal/EncPk        2.5%    6. Troj/Psyme       2.2%    7. Mal/Packer       1.1%    8. Troj/Pintadd     1.0%    9. VBS/Redlof       0.7%    10. Mal/Behav       0.5%        Others          8.2%    >>

"Whether operating a computer for personal use or business use, peoplemust be aware that cybercriminals are on the prowl using a one-two punchsystem that combines regular email scams with sophisticated web-based malwareattacks," said Ron O'Brien, senior security analyst at Boston-based Sophos."IT managers, web hosts and ISPs alone cannot defend against malicious attacksentirely. Users must become better educated about the types of threats outthere, as well as the tools available to protect themselves from suchattacks."

The top 10 list of countries hosting malware-infected web pages in August2007 includes:

    1. China (inc. Hong Kong)   44.8%    2. United States            20.8%    3. Russia                   11.3%    4. Ukraine                  7.7%    5. Poland                   2.4%    6. Germany                  1.6%    7. Netherlands              1.1%    8. Italy                    0.9%    9(equal sign) Canada                   0.8%    9(equal sign) United Kingdom           0.8%      Others                    7.8%    

    The top 10 list of email-based malware threats in August 2007 includes:    <<    1. W32/Netsky       30.5%    2. W32/Zafi         20.0%    3. W32/Mytob        15.0%    4. Troj/Pushdo      10.8%    5. Troj/Dloadr      4.8%    6. W32/MyDoom       4.4%    7. Mal/Dropper      2.3%    8. W32/Bagle        2.1%    9. W32/Sality       1.8%    10. W32/Traxg       1.2%      Others            7.1%    >>

"Sophos has noted throughout the past months that there is a considerablerise in web-based attacks, while email-only threats are on the decline," saidO'Brien. "Such new delivery techniques are designed to skate by securityfilters. However, SophosLabs continues to identify variants of older malwarebeing released in these scams, making it easier for our technology to detectand defend against the threats."

During August, Sophos continued to see hoaxes and chainletters spreadingbetween internet users via email. One new hoax, which took advantage of thegrowing popularity of social networking websites, warned that Facebook userswho accepted a friend invitation from a user called Bum_tnoo7 would be openingthemselves up to identity theft.

Graphics of the above top ten virus chart are available at.

For more information about safe computing, including anti-hoax policies,please visit: .

About Sophos

Sophos is a world leader in IT security and control. Sophos offerscomplete protection and control to business, education and governmentorganizations - defending against known and unknown malware, spyware,intrusions, unwanted applications, spam, policy abuse and uncontrolled networkaccess (NAC). Sophos's reliably engineered, easy-to-operate products protectmore than 100 million users in more than 150 countries and are procuredexclusively through channel partners. Through over 20 years' experience and aglobal network of threat analysis centers, the company responds rapidly toemerging threats and achieves the highest levels of customer satisfaction inthe industry. Sophos is a global company with headquarters in Boston, MA, andOxford, UK. For more information on Sophos, visit and for thelatest breaking security updates please visit the SophosLabs blog,.

For further information

Racepoint Group Heather Ailara, 781-487-4650 or Sophos Jennifer Torode, 781-494-5885