Three-Year-Old Worm Accounts for Nearly Quarter of E-mail Malware in November

IT security and control firm Sophos has revealed the most prevalent malware threats and countries causing problems for computer users around the world during November 2007. The study, compiled by a global network of monitoring stations, has shown that old-timer worm Traxg has leapt to number two in the chart, accounting for nearly 25 percent of all recorded e-mail-borne malware in November, despite first being detected more than three years ago in October 2004. Pushdo once again topped the chart in November, in a month that has seen the malware author continue to release a number of variants, including the latest offering -- a video of Britney Spears -- in an attempt to entice and dupe unwary users.

Top Ten E-mail-based Malware Threats

1. Troj/Pushdo -- 29.3%

2. W32/Traxg -- 23.6%

3. W32/Netsky -- 17.8%

4. Mal/Dropper -- 5.4%

5. W32/Zafi -- 5.0%

6.  W32/Mytob -- 4.8%

7. W32/Flcss -- 3.3%

8. W32/MyDoom -- 2.9%

9. W32/Strati -- 2.8%

10. W32/Bagle -- 1.0%

Others -- 4.1%

"Traxg hurtling into second position this month has come as a complete surprise, and the fact that unsophisticated worms are still slipping through the net at such a rate of knots is a clear indication that huge numbers of users, and potentially companies, are failing to install even basic anti-virus protection," said Graham Cluley, senior technology consultant at Sophos. "In first place, Pushdo continues to wreak havoc. A clear reason for its ongoing success is the guilty cybercriminal's ability to quickly create different variants, which are being spread voraciously in a range of spam messages. Each new piece of spam that harbours the trojan has been created to tempt users, and whether it's enticing them to watch videos of Britney or view naked pictures of Angelina, this fraudster's tactics are certainly working."

Overall in November, 0.1 percent of emails were carrying malicious email attachments, or one in every 1,000. Meanwhile, Web attacks have risen this month, with Sophos detecting 7,500 new infected Web pages every day, an increase of more than a third when compared to the same period in October.

Mal/Iframe once again topped the chart this month, accounting for more than two thirds of all infected Web pages found in November, with Mal/ObfJS also maintaining its position in second place. Elsewhere in the chart, Unsc, a Trojan that attempts to download malicious code from the Web, has made a first appearance at number seven. Meanwhile, Web pages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more than 50 percent of this month's infected Web pages.

Top Ten Countries Hosting Malware on the Web

1. China (inc. Hong Kong) -- 55.2%

2. United States -- 19.7%

3. Russia -- 11.4%

4. Ukraine -- 2.0%

5. Germany -- 1.6%

6. Turkey -- 1.4%

7. Canada -- 0.8%

8. United Kingdom -- 0.7%

8. Poland -- 0.7%

10. France -- 0.6%

Others -- 5.9%

"The big three -- China, the US and Russia -- continue to dominate the chart, accounting for more than 85 percent of all infected Web pages world-wide," continued Cluley. "Despite this, the fluctuation in the rest of the chart, highlighted by the four new entries this month, shows that this is very much a global problem. To stop it turning into a major pandemic, Web hosts throughout the world would be well advised to clean up their sites and quash the hackers by installing Web security protection."

Top Ten Hoaxes and Scams

1. Olympic torch -- 10.1%

2. Hotmail hoax -- 5.8%

2. A virtual card for you -- 5.8%

4. Parcel Delivery Service scam -- 4.8%

5. A Vida