Sophos has revealed the most prevalent malware threats causing problems for computer users around the world during July 2007.
The figures, compiled by Sophos’s global network of monitoring stations, show a significant rise in the prevalence of the Mal/ObfJS family of web threats – up from just 1.8 percent last month to 17.3 percent this month. Despite this growth, Mal/ObjJS has not been able to dislodge Mal/Iframe from its number one position, accounting for more than half of all web threats seen by Sophos.
The top ten list of web-based malware threats in July 2007 reads as follows:
1. Mal/Iframe 56.0%
2. Mal/ObfJS 17.3%
3. Troj/Psyme 10.4%
4. Troj/Decdec 3.5%
5. Troj/Fujif 1.9%
6. Mal/Zlob 1.1%
7. VBS/Edibara 0.9%
8. Mal/Packer 0.8%
9. Mal/Behav 0.4%
10. VBS/Redlof 0.4%
11. Other 7.3%
Experts at SophosLabs note that the prominence of both threats in the top ten emphasises the popularity of the drive-by download technique with cybercriminals, as well as continued growth in the use of obfuscated Javascripts in compromising sites.
“The security dangers of the web still aren’t fully registering with a great many businesses – this is providing rich pickings for hackers hell-bent on gaining access to sensitive information,” said Paul Ducklin, head of technology for Asia Pacific at Sophos. “It’s no surprise to see legitimate webpages targeted for these attacks – businesses generally aren’t too strict about stopping their employees accessing these websites, while the sites themselves will already have their own daily flow of user traffic, saving hackers the trouble of trying to entice unenlightened web surfers.”
The top ten list of countries hosting malware-infected web pages in July 2007, reads as follows:
1. China (inc. Hong Kong) 49.8%
2. United States 21.8%
3. Russia 14.7%
4. Ukraine 3.2%
5. Germany 1.2%
6. Brazil 1.0%
7. United Kingdom 0.8%
8. Taiwan 0.8%
9. Canada 0.6%
10. Poland 0.6%
11. Other 5.5%
China has again retained its position as the primary nation responsible for hosting malware-infected web pages. Interestingly, the number of pages hosted by Russia has increased substantially since June 2007, where it stood at just 3.5 percent. This can be explained by the large number of Mal/Iframe- and Mal/ObfJS-infected webpages in Russia that have been compromised to serve as drive-by sites.
“Last month Italy made the top ten – now it has disappeared and Russia is the main nation on the rise,” continued Ducklin. “It’s important for countries to recognise that hackers don’t have preferred locations for malware-hosting. They’ll target any vulnerable web hosts that they can find, irrespective of country, meaning that no nation is immune to the threat. The only way for businesses to mitigate against the danger is by deploying up-to-date security solutions and ensuring that internet users don’t jeopardise their networks through irresponsible online behaviour.
The top ten list of email-based malware threats in July 2007 reads as follows:
1. W32/Netsky 27.2%
2. W32/Mytob 18.3%
3. W32/Zafi 12.4%
4. Mal/Iframe 9.8%
5. W32/MyDoom 5.6%
6. W32/Sality 4.1%
7. Troj/Agent 3.8%
8. W32/Bagle 3.4%
9. Mal/Clagger 3.4%
10. W32/Strati 1.7%
11. Other 10.3%
credits to Nigel Yap;lowyat
