The proportion of email messages that contain malware has fallen for the first six months this year compared to the same period last year, according to antivirus firm Sophos.
Statistics released by Sophos show that about one in 91 email messages contained a virus or other types of bad software, far less than the 1-in-35 figure of a year ago, says Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection products.
"Email, as far as viruses are concerned, is actually safer than it was last year," Cluley says.
While the news is welcome, the bad guys haven't given up. Instead, their tactics are changing to avoid detection, and they're writing different kinds of bad software, Cluley says.
Malware writers are increasing their focus on Trojan horse programs, a class of malicious software that can include programs called keyloggers. Keyloggers send user log-ins and passwords to a server controlled by a hacker. The programs can also harvest credit card numbers and other personal data that could be used in an identity theft scheme.
Trojan horse programs, unlike viruses, do not replicate themselves. About 81% of the new bad software Sophos sees circulated on the Internet are these kinds of programs.
"It's a big financial push," Cluley sas.
Criminals are also taking a lower profile in their spam campaigns. When masses of virus- or Trojan-laden email are sent out, antivirus companies such as Sophos receive samples and quickly update their client software.
The attack's effectiveness is thus hampered, so malware writers are sending out fewer large batches of email and targeting victims more carefully, Cluley says.
Many aging pieces of malware code are still drifting around the internet in large numbers, Sophos' top ten list of malware shows. One reason is laziness on the part of hackers, who don't want to write new code, Cluley says.
A second reason is that many consumer computers lack antivirus software, making them ripe targets even though most antivirus programs could protect them.
"Home users are much more laid back about virus protection," Cluley says.
The number two and number three most common pieces of malware, Netsky-P and Zafi-B respectively, have been around for a couple of years, Cluley says. Both are both mass-mail worms. A worm, like other viruses, is a program that replicates, but does not infect other files.
The most common malware so far for 2006 is Sober-Z, a worm that was active only for the first six days of 2006. The worm, contained in email purportedly from the US Federal Bureau of Investigation or Central Intelligence Agency and claimed a user had visited illegal websites, was programmed to stop replicating after January 6.
But in that short time it spread in such quantities that it still holds the number one spot, appearing in some 22.4% of viral email, Cluley says.
Four variations of the Mytob virus hold slots on Sophos' top tgen list. Variants of Mytob can turn off antivirus software, forge the sender's email address, download other malicious code from the internet plus modify and steal data on computers.
In a separate list classifying malware by families, Mytob came in first, appearing in some 28.7% of viral email.
Nyxem-D, a much discussed worm that was also called MyWife, Blackmal and Kama Sutra, came in fourth, although it did not cause much damage.