The 10 most frequent e-mail contaminants in August
Antivirus vendors Sophos and Kaspersky have published an analysis of the statistics from their antivirus solutions for August 2007. Sophos says that the number of e-mails with contaminated attachments has fallen. In the first two quarters of 2007, 0.3 percent of all e-mails contained a contaminant, but that figure dropped to 0.1 percent in August.
The most commonly attached contaminant was the Netsky worm, which was first discovered more than three years ago. The Mytob, Mydoom, Zafi and Bagle malware families are also long in the tooth but still active. The two vendors' hit lists differ to some extent, possibly due to the geographic distribution of their customers. Since Kaspersky lists the individual variants of a contaminant, we have summarized the vendor's top 20 list in a top 10 list of families.
Aside from the shrinking share of contaminated e-mails, last month Sophos found 5000 new websites that infect visitors. Almost half of all the websites that spread contaminants try to exploit vulnerabilities in Web browsers or installed software via IFrames. Infected websites are at present mainly hosted in China (44.8 percent), the US (20.8 percent), and Russia (11.3 percent).
Users can protect themselves from being infected by e-mails and websites by using an antivirus product with current signatures, and by making sure that they have installed all security updates for both their operating system and the software they use. In addition, users should be careful about opening unexpected e-mails with attached files. For more information on how to protect yourself from contaminants, see the antivirus websites at heise Security.