Trojan code outnumbers Windows flaws

No link between malware hosting and botnets

The 2006 Sophos Internet Threat Report released last week discovered a seismic online shift towards using Web-based threats as a way to spread malicious code and dupe users into downloading it.

According to the report Australia ranked number 43 out of all countries hosting malware in 2006 with New Zealand placing higher at number 36. The United States, China, Russia, the Ukraine and the Netherlands rounded out the top five malware hosting countries for 2006.

Trojan-like malicious code, outnumbering Windows specific Internet based worms in 2005, rose to 80 percent of all threats in 2006. In 2005 that figure was 62 percent.

Paul Ducklin, Sophos Asia Pacific head of technology, hinted at Australia's ranking as a bit part result from Internet Service Providers (ISPs) "doing the right thing" and the greater efforts companies are taking to keep services secure.

Ducklin said there is no direct link between malware hosting and botnets as often a computer can be tweaked to send spam but for some reasons could not be used to serve malware.

"Infected e-mail through attachments has gone down to one in 44 and the fact it has fallen is not because there is less malware, but that the bad guys are more determined to create distinct bits of malware, and these bad guys are no longer enamoured with mass mailing malware because it draws attention," Ducklin said.

"But despite the levels going down the risk has increased ... if you take the top ten malware list, old malware spun out with sufficient value but the also-rans made up with the size of the threat, and there were a lot more cases where people get 100 detections of different variants of a new piece of malware that didn't show up as something like ZOTOB.

"2006 saw an explosive growth of Web based downloaders and 41,536 new pieces of malware but overall the amount of e-mail containing infected attachments was down to one in 337. November saw 7612 new threats, the average has been roughly 8,000 a month which is around 113 per day with five released every hour."

The report also found 75 percent of all phishing e-mail sent during 2006 targeted either PayPal or eBay users, and the first incidents of voice phishing was discovered where scammers redirected e-mail recipients to a telephone number as opposed to a fraudulent Web site.

Ducklin said even company switchboards are being replicated to give this scam more success.

"We're not talking about completely replicating the switchboard but it is a call to action, getting a switchboard in the same way of ripping off other stuff," Ducklin said.

"Obviously you cannot just speak English but the big deal with VoIP is that it makes the cost of calls to the recipient very low."

Top ten malware families for 2006, as recorded by Sophos were Mytob (30 percent), Netsky, Sober, Zafi, Nyxem, Bagle, MyDoom, Stratio, Clagger, Dref.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about eBayPayPalRoseSophos

Show Comments