Trojan code more common than Windows flaws

Report indicates that four out of five threats are Web-based

Michael January 29, 2007 (Computerworld Australia) -- The 2007 Sophos Internet Threat Report, released last week, indicates a seismic online shift towards using Web-based threats as a way to spread malicious code and dupe users into downloading it.

The United States, China, Russia, the Ukraine and the Netherlands rounded out the top five malware hosting countries for 2006.

Trojan-like malicious code, which outnumbered Windows-specific Internet-based worms in 2005, rose to 80% of all threats in 2006. In 2005 that figure was 62%.

Paul Ducklin, head of technology for Sophos Asia Pacific, noted that there is no direct link between malware hosting and botnets, as often a computer can be tweaked to send spam but for some reasons could not be used to serve malware.

"Infected e-mail through attachments has gone down to one in 44 and the fact it has fallen is not because there is less malware, but that the bad guys are more determined to create distinct bits of malware, and these bad guys are no longer enamoured with mass mailing malware because it draws attention," Ducklin said.

"2006 saw an explosive growth of Web based downloaders and 41,536 new pieces of malware but overall the amount of e-mail containing infected attachments was down to one in 337. November saw 7612 new threats. The average has been roughly 8,000 a month,which is around 113 per day with five released every hour."

The report also found that 75% of all phishing e-mail sent during 2006 targeted either PayPal or eBay users, and the first incidents of voice phishing was discovered where scammers redirected e-mail recipients to a telephone number as opposed to a fraudulent Web site.

Ducklin said even company switchboards are being replicated to give this scam more success.

"We're not talking about completely replicating the switchboard but it is a call to action, getting a switchboard in the same way of ripping off other stuff," Ducklin said.

"Obviously you cannot just speak English, but the big deal with VoIP is that it makes the cost of calls to the recipient very low."

The top malware family for 2006, as recorded by Sophos, was Mytob, which accounted for 30% of the problem. Netsky, Sober, Zafi, Nyxem, Bagle, MyDoom, Stratio, Clagger, and Dref rounded out the top 10.