Topic: All quiet on the virus front

[Clive]

The Register
By John Leyden
Published Friday 30th September 2005 14:18 GMT

September marked a quiet month on the malware front with virus levels at a yearly low and the long-running NetSky-P worm stuck at the top of virus nuisance charts.

Virus-laden email volumes dropped for the third consecutive month from 2.01 per cent in August, to 1.75 per cent in September to reach their lowest levels this year, according to email security firm BlackSpider Technologies. BlackSpider blocked over 2.8m virus contaminated emails during September.

NetSky-P continues to top BlackSpider's virus chart, for the seventh successive month, accounting for 24 per cent of all viruses detected in September. Its a similar story over at security software firm Sophos where NetSky-P, the worm written by convicted German teenager Sven Jaschan, continues to head up the firm's top ten, 19 months after it was first detected. "NetSky-P's continued dominance raises serious questions about the level of security currently deployed by some PC users," said Carole Theriault, senior security consultant at Sophos.

NetSky-P has risen in prevalence in Sophos's chart for the second consecutive month, up from 14.7 per cent in August to 18.6 per cent in September. There has also been an increase in reports of other old-timers Zafi-D and NetSky-D. The average age of the top ten viruses in Sophos's chart is eight months. Variants of the MyTob worm, which was first identified in March 2005, continue to account for around half of all viruses reported in September.

Security appliance firm Fortinet - which looks at all types of malware in compiling its monthly stats - notes a rise in spware threats in September. Alongside the usual email worms, eBay phishing scams and 180Solutions adware incidents, Fortinet's September top 10 threats list features two additional spyware threats. These are: ZangoSA, a so called "browser helper object," which spies on users' browsing habits, and the one year-old Px, a shady installer, which silently downloads and runs an extensive list of spyware. ®

September top ten virus chart, as compiled by Sophos:

NetSky-P
MyTob-BE
MyTob-AS
Zafi-D
NetSky-D
MyTob-CX
MyTob-EP
MyTob-CJ
MyTob-C
MyTob-CN

[Clive]

Virus attacks fall

Tom Espiner
ZDNet UK
October 03, 2005, 17:55 BST
 
The number of viruses swilling around the Internet declined in September, according to two reports issued on Friday.

Virus-laden emails dropped from 2.01 percent of all email in August, to 1.75 percent in September, the lowest level this year, according to email security company BlackSpider Technologies.

Security company Sophos also reported a drop in the number of infected emails -- the fifth in successive months. Sophos's research found that 1.53 percent, or one in 65 emails circulating in September, was viral.

Netsky.P topped the Blackspider virus chart for the seventh successive month, accounting for 24 percent of all viruses detected in September.

Sophos has seen a rise in Netsky.P incidences, and reported that this virus rose in prevalence from 14.7 percent to 18.6 percent of all viruses. Netsky.P also continued to head up the Sophos top ten.

Netsky.P spreads via email and Internet file-sharing systems, and tries to tempt PC users into launching an infected file, according to Sophos. The worm was written by German teenager Sven Jaschan, who received a 21-month suspended sentence on 8 July.

Netsky.P was first detected nineteen months ago. Sophos reported that the average age of the top ten viruses is eight months, which demonstrates to the company that "a large number of users are still being complacent about installing and updating their virus protection."

"Businesses and home users alike have had nineteen months to update their software, but an alarming number obviously still have not got round to it," said Sophos senior security consultant, Carole Theriault, in a statement.

This also supports the findings of a recent Sophos survey, which claimed that 79 percent of IT professionals believe employees are putting their organisations at risk by failing to act safely online.

Both reports highlight the changing nature of the security threat landscape.

Blackspider reports that incidences of zero-day malware (sent before a patch is released) have almost doubled since August, with 10 new variants of the Bagle virus featuring in the most common zero-day malware sent.

Sophos also saw a drop in mass-mailed attacks, with a growing number of targeted threats being written for financial gain.

"Smaller, targeted attacks are on the increase, with the emergence of a new breed of financially-motivated online criminal. The concern is that if users continue to combine unsafe computing practices with outdated threat protection, they'll be a soft target for this new form of attack," Theriault warned.

"Not only must firms ensure that they keep their virus, spyware and spam protection updated, but IT managers have to start enforcing strict security policies to ensure employees don't jeopardise that protection through reckless online behaviour," added Theriault.

In order to minimise exposure to viruses, Sophos recommends that companies deploy a policy at their email gateway which blocks unwanted executable attachments from being sent into their organisation from the outside world. Companies should also run up-to-date anti-virus software, firewalls and install the latest security patches.