Security firm Sophos says the number of new viruses in the first half of 2005 is up 59% from the first six months of last year, and more alarmingly reports that an unprotected, unpatched Windows PC stands a 50 percent chance of being infected by an Internet worm within 12 minutes of coming online.
Sophos reported that the venerable Zafi-D worm accounts for more than a quarter of all viruses reported to it so far this year. The worm claims to be a Christmas greeting to trick users into opening an infected attachment.
The Sober family, which takes third place on the six-month chart, first emerged in May. The worm provided messages in both English and German promising World Cup tickets. After a period of dormancy, the worm updated itself and changed its messages to German nationalist propaganda.
“The Sober family of worms show just how much damage can now be done through a zombie machine,” said Graham Cluley, senior technology consultant at Sophos. “The combined effort of spammers, virus writers and their zombie armies are certainly a force to be reckoned with. Increasingly, legitimate organizations are being thrown into the firing line – finding themselves being identified as sources of spam.”
The company also reported a threefold increase in the number of keylogging Trojans so far this year, which can be used to obtain confidential information or harvest user passwords to financial sites.
“What we are witnessing is a stampede of new Trojan horses every day,” said Cluley. “Although some familiar worms have a tight grip on the charts, the growth in Trojan horses is perhaps the most significant development in malware-writing. Trojans don’t normally make the charts because they don’t spread under their own steam, and are increasingly being used for targeted attacks designed to make money or steal information.”
Finally, the company reported that the prevalence of organized computer crime is higher than ever, citing an attempted breach at the Sumitomo Mitsui bank in London and the MasterCard hack as examples of a trend toward financially motivated computer crime.