Malware goes back to the future in May

Security reports from May seem to have to transported us back a few years, with an old fashioned dialler and new versions of Netsky, Bagle, Sober and Puce topping the list of malware offenders.

Antivirus company Kaspersky said that new versions of old worms made a comeback last month, including Sober.aa jumping to fourth place.

The previous version of this worm, Sober.z, dates back to the middle of November 2005.

Although Sober.aa is described as "primitive", it has been able to surpass worms with far more advanced functionality. Kaspersky predicts that it may well climb higher in the ratings in the months to come.

Topping security firm Fortinet's threat list in May is a dialler designed to call premium long distance numbers. However, like all modern bots, it may also download, execute and upgrade components.

W32/Dialer.PZ!tr was primarily reported throughout Mexico and the US, dialling into locations in Europe and Africa.

A new P2P worm called Puce.G, which spreads itself and infects files through file-sharing software, was first place on the BitDefender chart with 10.31 per cent of total reports. The worm last topped the malware charts in October 2006.

"With the virtual disappearance of mass-mailers form the top infectors, the trend towards consolidation seems to have reduced somewhat," said Viorel Canja, head of BitDefender Labs.

Meanwhile, data from MessageLabs shows an increase in sudden spam surges, or 'spikes', which target individual domains in an aggressive spam attack, similar to the recent assault on Tiscali.

In one spam spike that lasted only 11 hours, more than 10,000 messages were attempted, accounting for more than 75 per cent of the total messages received by the domain during the entire period.

"This month the bad guys continued with their aggressive attacks by developing new tactics to fly under the radar and cause the most damage," said Mark Sunner, chief security analyst at MessageLabs.

"With the increase in spam spikes and new techniques with image spam, it is crucial for businesses to take a multi-layered security approach among email, web and IM to protect employees and systems from malicious attacks."

While malware creators are resurrecting old worms, it appears that spammers continue to innovate and employ new methods to elude traditional anti-spam solutions.

Rather than embedding images in the body of an email message, spammers are now hosting images on sites that do not require registration and include links to those sites or an HTML image in the email message.

Copyright ©v3.co.uk

backfuturegoesinmalwaremaysecuritytheto