Sophos, a world leader in
integrated threat management solutions, has revealed the top ten malware
threats of 2005, in a new in-depth report into the year’s most pressing
security issues.

In a year that has seen the number of new threats rise by a staggering 48
percent, the lingering Zafi-D worm has taken the number one spot in the virus
chart, while last year’s hardest hitting virus, Netsky-P, dropped to second
place. In contrast, Sober-Z — only unleashed in November 2005 — has already
climbed to third place as it continues to disrupt and clog networks worldwide.

The “Sophos Security Threat Management Report 2005” — which can be
downloaded from — reveals that on
average, one in every 44 emails was viral during 2005. This rose to one in
twelve during major outbreaks, while 15,907 new malware threats were

The top ten viruses of the year are as follows:

Position Name Percentage First seen
1 Zafi-D 16.7% December 2004
2 Netsky-P 15.7% March 2004
3 Sober-Z 6.0% November 2005
4 Sober-N 4.3% May 2005
5 Zafi-B 4.0% June 2004
6 Mytob-BE 3.9% June 2005
7 Mytob-AS 3.8% June 2005
8 Netsky-D 3.0% March 2004
9 Mytob-GH 1.9% October 2005
10 Mytob-EP 1.8% June 2005
Other 38.9%

“Don’t let the figures fool you — old-timers may head up the top ten, but
the enormous rise in the number of new threats shows that 2005 has been
anything but quiet on the malware front,” said Graham Cluley, senior
technology consultant at Sophos. “This huge increase stems from the
escalating interest in authoring Trojans, worms and viruses shown by criminal
gangs intent on making a profit. By focusing their efforts on a smaller
number of victims, cybercriminals can target them with bespoke malware,
increasing their chances of slipping under the security net.”

Interestingly, while all of the top ten threats are Windows-based worms,
the number of Trojan horses written during 2005 outweighs worms by almost 2:1.
In addition, the percentage of malware that includes spyware components rose
from 54.2 percent in January to 66.4 percent by the end of the year. These
figures reinforce the notion that malware authors are engaging in targeted
attacks, rather than widespread bombardment, and also help explain a rise in
the amount of spam spewed out by zombie computers — now accounting for over
60 percent of the world’s spam.

“Unlike viruses or worms, Trojans cannot replicate on their own, meaning
that they must be deliberately emailed or planted on websites in order to
spread. It’s more and more common for new Trojans to become widespread after
being spammed en masse from zombie computers,” added Cluley. “It’s no
surprise that most of the top ten threats allow hackers to gain access to an
infected PC, enabling them to create a zombie, steal information, and dish out
their malware from under the nose of unsuspecting users.”

The Sophos report reveals that unprotected computers have a 40 percent
chance of being infected by an internet worm within ten minutes, turning them
into a zombie under a remote hacker’s control

The report also identifies which countries around the world have been
responsible for relaying the most spam during 2005, and that pornographic spam
and messages attempting “pump-and-dump” stock scams have surged.

Sophos has made available a free virus and security news RSS feeds,
ensuring that internet users are always up-to-the-second with news about the
latest viruses and security threats.