Sophos spots return of 'old-timer' email worm

A three-year-old worm that disseminates through email has made a comeback, leaping to the second place of Sophos's top 10 list of email malware threats for November 2007.

In a statement released today, the security vendor reported that the "old-timer" worm — dubbed Traxg — accounted for nearly a quarter of email-borne malware for the month of November, at 23.6 percent. The worm was first detected in October 2004.

Graham Cluley, senior technology consultant at Sophos, said: "Traxg hurtling into second position this month has come as a complete surprise, and the fact that unsophisticated worms are still slipping through the net at such a rate of knots is a clear indication that huge numbers of users, and potentially companies, are failing to install even basic antivirus protection."

Pushdo, which was the number-one email-based malware for October, once again topped the chart for November and accounted for nearly 30 percent of malware detected. "In first place, Pushdo continues to wreak havoc. A clear reason for its ongoing success is the guilty cybercriminal's ability to quickly create different variants, which are being spread voraciously in a range of spam messages," he said.

"Each new piece of spam that harbours the Trojan has been created to tempt users, and whether it's enticing them to watch videos of Britney or view naked pictures of Angelina, this fraudster's tactics are certainly working," Cluley added.

In November, 0.1 percent of email messages were carrying malicious email attachments, or one in every 1,000, Sophos said.

Web attacks have also risen in November, with 7,500 new infected web pages detected by Sophos every day, the security company said. This is an increase of more than a third when compared to the same period in October.

Mal/Iframe once again topped the chart this month, accounting for more than two-thirds of all infected web pages found in November, at 69.6 percent. Sophos noted that a Trojan dubbed Unsc, which attempts to download malicious code from the web, made its first appearance on the chart. at number seven. It accounted for 0.7 percent of web-based malware detected.

According to the Sophos study, China is the number-one country hosting malware-infected web pages for November, at 55.2 percent. Web pages hosted in China continue to be plagued by Mal/Iframe, and overall the country hosted more than 50 percent of this month's infected web pages.

The US is in second place at 19.7 percent, with Russia trailing at 11.4 percent.

"China, the United States and Russia continue to dominate the chart, accounting for more than 85 percent of all infected web pages worldwide," Cluley said, noting that the entry of four new countries to the chart — Turkey, the UK, Poland and France — shows that the problem is a global one.

"To stop it [from] turning into a major pandemic, web hosts throughout the world would be well advised to clean up their sites and quash the hackers by installing web-security protection," he added.