Tech Shout!

The top ten viruses affecting PCs around the world during the month of November 2005 have been revealed by Security provider Sophos.

The report, compiled from Sophos’ global network of monitoring stations, says that, despite being detected very late in the month, the Sober-Z worm dominates the charts, and is at its peak accounted for one in every 13 emails sent. The propogation of Sober-Z has caused Netsky-P, the worm written by convicted German teenager Sven Jaschan, to fall to second position after dominating the number one spot for the past four months.

The top ten viruses in November were Sober-Z - 42.9 per cent, Netsky-P - 8.1 per cent, Mytob-GH - 6.8 per cent, Mytob-EX - 4.5 per cent, Zafi-D - 4.0 per cent, Mytob-BE - 2.3 per cent, Zafi-B - 2.1 per cent, Mytob-AS - 1.6 per cent, Netsky-D - 1.2 per cent, Mytob-C - 1.1 per cent while others viruses accounted for 25.4 per cent of all.

What the new Sober-Z worm does is that it sends itself as an email attachment and attempts to turn off security software on the user’s computer. Once the attached file is run, the worm scans the user’s hard drive for email addresses, in its search for other computers to infect. The author of this worm has been operating anonymously for more than two years, and this latest threat is the cyber criminal’s most widespread virus till date.

Carole Theriault, senior security consultant, Sophos, said, “Since we saw the first Sober worm back in October 2003, its author has tried to improve upon tried-and-tested tricks to dupe computer users into launching infected attachments. This latest worm purports to be a warning from CIA and FBI agents, accusing recipients of visiting illegal websites. Mocking the feds is a sure-fire way of goading the authorities, and you can’t help but wonder whether the author is desperate to be caught.”

Sober worms are frequently bi-lingual, configured to spread in both English and German. As well as posing as communication from an FBI or CIA agent, Sober-Z also references the German version of “Who Wants to be a Millionaire” as well as US star Paris Hilton.

This month’s chart consists of only three virus families - Netsky, Mytob and Zafi, indicating that virus writers are continuing to create variants of established threats, which prove most effective for financial gain. Sophos’s research also shows that 2.7 percent, or one in 38 emails is viral. “The Sober family may seem as hard to exterminate as a colony of cockroaches, but they can be stopped from infesting a network if users remain vigilant when facing unsolicited emails. These worms have posed little threat to computers armed with first-class anti-virus and anti-spam software, and run by users who follow safe computing practices”, said Theriault.

The Mytob family continues to spread far and wide and the variants make up half of the top ten, demonstrating the family’s persistent and varied attacks. Aside from Sober-Z, this month’s chart is dominated by the Mytob, Netsky and Zafi virus families - showing that cyber criminals are increasingly bringing out new variants of established threats in order to maximize their impact.