Anti-virus software firm Sophos has given its monthly report on the top ten viruses and hoaxes causing problems for businesses around the world for the month of December 2005.
The report, compiled from the firm’s monitoring stations, reveals that Sober-Z has taken the world by storm, accounting for 78.92% of all malware reported to the company. Its domination of the charts is making other current threats pale in comparison, and the Sober threat shows no sign of slowing, the anti-virus firm adds.
The Sober-Z worm sends itself as an email attachment and attempts to turn off security software on the user’s computer. The author of this worm has been operating anonymously for more than two years, and this latest threat is the cyber criminal’s most widespread virus yet, it is claimed.
What they say
"A key differentiator of the Sober worms is their ability to dupe users. From offering World Cup football tickets, to posing as the FBI or long-lost pal, it seems the Sober family will stop at nothing to ensure that recipients launch the viral email attachment," said Carole Theriault, senior security consultant at Sophos. "The Sober-Z worm stormed to the top of the November 2005 chart and continued to hold the number one spot throughout December. Should the author go ahead and upload malware onto websites for infected machines to grab and run, as anticipated, the worm may disrupt businesses even further."
Ironically Sober-Z, which can disguise itself as a message from investigators at the FBI, CIA or Germany’s Federal Crime Office (BKA), led to the arrest of a child porn offender this month. The 20-year-old German man believed the contents of the infected email, which informed him that he was being investigated by the BKA for visiting illegal websites, and subsequently turned himself into the police.
"Rarely does a virus actually benefit society, but few people would discourage the German police from investigating this guy," added Theriault. "However, it is an inadvertent victory for justice – the Sober virus writer has been causing havoc for computer users around the world for several years. The good news is that this persistent worm is easy to combat if home users and businesses have effective up-to-date anti-virus and anti-spam protection in place, and if they follow safe computing practices."
The rest of the chart remained fairly static in December. Zafi-B is the only climber, creeping up from seventh to second position. However Sober-Z’s dominance has ensured that this worm still only accounts for 3.3pc of malware reported to Sophos in the last month of 2005. Elsewhere in the chart, Netsky-P has dropped to third position, and several Mytob variants continue to plague businesses and users, including two new entries, Mytob-FO and Mytob-FM.
The research shows a significant rise in the number of infected emails, according to the firm. In December, 6.1%, or one in 16 emails was viral. The firm says it now identifies and protects against a total of 115,748 viruses, an increase of 1,666 on last month.
To minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.
Hoax emails
"There are two re-entries fooling users this month," said Theriault. "The Elf Bowling hoax, which has made a festive re-appearance, warns users that the game is infected with a virus and should be deleted immediately upon receipt. This hoax is essentially harmless, but serves as a reminder to companies that they should explain to employees the danger of distributing executable files. The cyber game, while not a malicious threat, can also cause companies downtime and could potentially divert employee attention."
Sophos has made available a free, updated information feed for intranets and websites for users to find out about th viruses and hoaxes: www.sophos.com/virusinfo/infofeed/
Graphics of the above top ten virus chart are available at: www.sophos.com/pressoffice/imgallery/topten
For more information about safe computing, including anti-hoax policies, please visit: www.sophos.com/virusinfo/bestpractice/
