Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

War Of The Worms: Windows Worms Dominate The 2004 Virus Charts

  • 09 December, 2004 08:11

<p>~Sophos annual threat report identifies the latest trends in viruses and spam.</p>
<p>Sophos, a world leader in protecting businesses against viruses and spam, has released a report revealing the hardest hitting viruses of 2004. Worldwide, the mail-borne Netsky-P and Zafi-B worms have been battling it out for the top spot in the chart for most of the second half of the year, while internet worm Sasser disrupted thousands of businesses and home users in May. There were over 10,000 new viruses during 2004, a 50% increase on the number of new viruses in 2003.</p>
<p>The Sophos Worldwide Top Ten virus chart for 2004 is as follows:</p>
<p>Pos Name Percentage First seen</p>
<p>1. W32/Netsky-P 22.6% March 2004</p>
<p>2. W32/Zafi-B 18.8% June 2004</p>
<p>3. W32/Sasser 14.2% May 2004</p>
<p>4. W32/Netsky-B 7.4% February 2004</p>
<p>5. W32/Netsky-D 6.1% March 2004</p>
<p>6. W32/Netsky-Z 3.7% April 2004</p>
<p>7. W32/MyDoom-A 2.4% January 2004</p>
<p>8. W32/Sober-I 1.9% November 2004</p>
<p>9. W32/Netsky-C 1.8% May 2004</p>
<p>10. W32/Bagle-AA 1.6% April 2004</p>
<p>Others 19.5%</p>
<p>"There is a silver lining to the 2004 Virus Top Ten," said Paul Ducklin, Head of Technology, Asia Pacific for Sophos in Sydney. "Sven Jachsan, a German teenager who has admitted responsibility for the Netsky virus family, has been arrested and faces criminal charges. With five Netskys in the Top Ten, victims of these viruses will probably take comfort from the fact that virus writers do not always escape justice."</p>
<p>Ducklin has also compared these worldwide numbers with the figures for actual virus infections reported to Sophos in Australia and New Zealand. Ducklin thinks we have reason to be pleased with what he found: "The two most widely-reported infections by businesses in this part of the world were not Netsky-P and Zafi-B, but MyDoom-A and Bagle-A. Interestingly, both of these viruses appeared right at the start of 2004. Whilst this observation doesn't prove anything, it certainly suggests rather strongly that businesses in Australia and New Zealand have sharpened up their anti-virus act during the year."</p>
<p>Sasser, probably the year's most talked-about worm, does not use email to propagate. Sasser spreads via the internet, attacking vulnerable Windows computers which have not been updated with a critical Microsoft security patch. This patch was made available only two weeks before Sasser was first seen.</p>
<p>Sophos has detected 10,724 new viruses, worms and Trojan horses to-date this year (an average of almost 30 per day), bringing the total protected against to 97,535. Virus writers have also been busier in 2004 than in 2003: the number of new viruses this year is 50% up on last year.</p>
<p>Many other virus and spam developments have taken place during 2004, and have revealed trends for the future:</p>
<p>* More activity by law enforcement</p>
<p>As well as the arrest of Sven Jaschan, 2004 saw numerous other arrests. Australian email scammer Nick Marinellis, who stole more than $A5 million, was jailed; Brazilian authorities made more than 50 arrests for Trojan phishing; the UK's National Hi-Tech Crime Unit (NHTCU) made several arrests related to phishing. On the virus front, female virus writer Gigabyte was arrested in Belgium, and the infamous 29A gang was broken apart as one member "Whale" was found guilty and fined, while "Benny" was reportedly questioned in connection with the Slammer internet worm outbreak of early 2003.</p>
<p>* Continued dominance of Windows 32 viruses in 2004</p>
<p>All of the 2004 top ten viruses are Windows 32 viruses. These only infect Microsoft users, using email or the internet to spread.</p>
<p>* New phishing trends - a new wave of online bank robbery</p>
<p>Numerous financial institutions in Australia continued to be the targets of phishing scams and there was a worrying trend of phishers recruiting 'mules' to help send stolen money overseas.</p>
<p>* No sign of spam subsiding, as spammers adopt new tricks</p>
<p>Globally, the spam problem shows no sign of disappearing, despite an increased number of arrests and convictions. Spammers are continuing to exploit innocent hacked computers to send their spam, and using different guises in their attempts to fool users into visiting their sites.</p>
<p>Spam with an Australian source, however, is down. Last year, Australia appeared in the top ten countries for sending spam, but in 2004 it has dropped out of the top ten. It is still too early to tell whether this is a direct result of the criminalisation of spam in Australia (the Spam Act came into force in April 2004). Nevertheless, Australia's downward movement on spam's "ladder of shame" is an encouraging sign.</p>
<p>In the run-up to the festive season, Sophos has seen an increase in spams pretending to be from online stores, claiming that users have paid for products with their credit card and inviting them to click on a link for more details - only to find an advert at the other end.</p>
<p>* Proof of concept malware targets mobile platforms, but no outbreaks</p>
<p>There was much hype this past year around viruses, worms and Trojans infecting mobile devices. Several new pieces of malware, including the Mosquito and Skulls Trojan horses and the Cabir bluetooth worm, which were designed for the Symbian operating system, were identified. Crucially, all of these nuisances need confirmation from the phone user before they can infect. Sophos comments that the threat continues to be very low, advising computer users to focus on the biggest threat - viruses for Windows desktop PCs.</p>
<p>About Sophos.
Sophos is a world leading specialist developer of anti-virus and anti-spam software. Sophos is headquartered in the UK and protects all types of organisations, including small- to medium-sized businesses, large corporations, banks, governments and educational institutions against viruses and spam. The company is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. Sophos's products, backed by 24 hour support are sold and supported in more than 150 countries.</p>
<p>Sophos's regional head office for Australia and New Zealand is in Sydney and hosts one of the company's three Computer Virus Research and Development Laboratories to provide global support services.</p>
Paul Ducklin ( is available for comment:
+61 2 9409 9100 (tel)
+61 2 407 320 515 (mob)
+61 2 9409 9191 (fax)</p>
<p>Sophos's press contact at Gotley Nix Evans is:
Michael Henderson (
+61 2 9957 5555 (tel)
+61 413 054 738 (mobile)
+61 2 9957 5575 (fax)</p>

Most Popular