Trojans gallop to new record

For every one new virus detected, there are four new Trojan horses.

According to new report released Friday by Sophos, Trojan horses made up 85.1 percent of 1,538 new threats uncovered in May. Last December, such attacks contributed to 62 percent of all new malware found in 2005, according to the security vendor.

Statistics from SophosLabs confirm that the Trojan threat has reached a new threshold. For the first time, the number of Trojans as a proportion of new threats over a six-month period, crossed the 80 percent-mark, Paul Ducklin, Sophos' Asia-Pacific head of technology, told ZDNet Asia in an e-mail interview.

Between December 2005 and May 2006, 82 percent of new malware were found to be Trojans, compared to 65 percent between June 2005 and November 2005, he said.

"Two possible reasons Internet criminals tend to favor Trojans these days are that they do not want to draw widespread attention to their efforts," Ducklin said, adding that Trojans provided hackers more control over their targets.

Cyber criminals, practically, cannot handle the amount of stolen data they get in one day if they use viruses to infect hundreds of thousands, he explained.

On a bright side, the number of virus-infected e-mail dropped considerably over the past year, Sophos noted in a statement. One in 141 e-mail messages last month were infected with a virus, compared to one in 38 in May 2005.

Although Trojans are making headlines, Windows-based worms continue to dominate Sophos' list of top malware threats. The May report listed Netsky-P, Zafi.D and Nyxem-D, as the top three threats.

The list of top threats for May excludes Trojan horses, primarily because the latter's method of attack is more targeted. However, the Clagger-I made a brief appearance in the March top 10 list, according to Sophos' Web site. Clagger-I was found in e-mail messages claiming to be from eBay's PayPal service.

Carole Theriault, senior security consultant at Sophos, noted in a statement that businesses and individuals should be vigilant, as there are increasingly more targeted attacks that use spyware technology for snooping purposes.

"Businesses need to think more holistically about their IT defenses," said Theriault. "Antivirus protection at both the [server] gateway and the desktop must be accompanied by firewalls, regular security patch upgrades and safe computing best practices."

New ransomware identified
In a separate statement, Sophos said it has identified a new Trojan horse which encrypts a victim's files, enabling the victim to retrieve the data only when he makes a purchase from an online pharmacy.

Dubbed Archiveus-A, the Trojan horse targets files in "My Documents" folder, according to an advisory on Sophos' Web site. When victims try to access the infected files, they are directed to a message indicating that they caught the Trojan while surfing illegal porn sites. Victims are also instructed to key in a password that is longer than 30 characters, which they can obtain from one of three online drug stores, in order to access their files.

Graham Cluley, senior technology consultant at Sophos, said: "The password is deliberately long and complicated in an attempt by the hackers to avoid people easily cracking it.

"Experts at Sophos have disassembled the Arhiveus Trojan, and determined that the password is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw," he said. "So there should be no reason for anyone hit by this ransomware attack to have to pay the criminals [to retrieve their files]."