E-mail-based malware is down, butspam that links to infectious websitesremains steady, according to the latest malware report from
security software supplierSophos.
Sophos found just one infected message in every 1,000 e-mails in
August, way down from 322 during the first six months of 2007.
But there were large numbers of attacks via spam e-mail that
directed users to infected web pages. These are increasing at an
average of 5,000 a each day, compared with 6,000 in July. The bait
is e-cards, pictures of nude celebrities,
YouTube movies and pop music videos.
"People visiting the sites risk having their PCs infected by
malicious code which can then steal personal information, spam out
more malware and junk e-mail, or launch distributed denial of
service attacks against innocent parties," Sophos said.
The top ten web-based malware threats in August 2007 were:
1. Mal/Iframe 47.8%
2. Mal/ObfJS 17.7%
3. Troj/Decdec 14.0%
4. Troj/Fujif 4.3%
5. Mal/EncPk 2.5%
6. Troj/Psyme 2.2%
7. Mal/Packer 1.1%
8. Troj/Pintadd 1.0%
9. VBS/Redlof 0.7%
10. Mal/Behav 0.5%
Others 8.2%
Carole Theriault, senior security consultant at Sophos, said,
"Businesses, web hosts and ISPs are failing to defend their
websites properly. Fraudsters are continuing to find rich pickings
on the internet, duping users into handing over their personal
information."
The top three countries with infected web pages were China
(45%), the US (21%) and Russia (11%), Theriault said. "Hackers are
hijacking websites around the world to make them point to malware
on sites based in China, the USA and Russia."
But the proportion of infected pages hosted by the Ukraine more
than doubled, and the Netherlands, Italy and Canada all re-entered
the chart.