The proportion of e-mail messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos said on Wednesday.Statistics released by Sophos show that about one in 91 e-mail messages contained a virus or other types of bad software, far less than the one-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection products.“E-mail, as far as viruses are concerned, is actually safer than it was last year,” Cluley said. While the news is welcome, the bad guys haven’t given up. Instead, their tactics are changing to avoid detection, and they’re writing different kinds of bad software, Cluley said. Malware writers are increasing their focus on Trojan horse programs, a class of malicious software that can include programs called keyloggers. Keyloggers send user log-ins and passwords to a server controlled by a hacker. The programs can also harvest credit card numbers and other personal data that could be used in an identity theft scheme. Trojan horse programs, unlike viruses, do not replicate themselves. About 81 percent of the new bad software Sophos sees circulated on the Internet is this kind of program. “It’s a big financial push,” Cluley said.Criminals are also taking a lower profile in their spam campaigns. When masses of virus- or Trojan-laden e-mail are sent out, antivirus companies such as Sophos receive samples and quickly update their client software. The attack’s effectiveness is thus hampered, so malware writers are sending out fewer large batches of e-mail and targeting victims more carefully, Cluley said.Many aging pieces of malware code are still drifting around the Internet in large numbers, Sophos’ Top 10 list of malware shows. One reason is laziness on the part of hackers, who don’t want to write new code, Cluley said. A second reason is that many consumer computers lack antivirus software, making them ripe targets even though most antivirus programs could protect them.“Home users are much more laid back about virus protection,” Cluley said. The No. 2 and No. 3 most common pieces of malware, Netsky-P and Zafi-B respectively, have been around for a couple of years, Cluley said. Both are mass-mail worms. A worm, like other viruses, is a program that replicates, but does not infect other files.The most common malware so far for 2006 is Sober-Z, a worm that was active only for the first six days of the year. The worm, which was contained in e-mail purportedly from the U.S. FBI or CIA and claimed a user had visited illegal websites, was programmed to stop replicating after Jan. 6.But in that short time, it spread in such quantities that it still holds the number-one spot, appearing in some 22.4 percent of viral e-mail, Cluley said. Four variations of the Mytob virus hold slots on Sophos’ top-10 list. Variants of Mytob can turn off antivirus software, forge the sender’s e-mail address, download other malicious code from the Internet plus modify and steal data on computers. In a separate list classifying malware by families, Mytob came in first, appearing in some 28.7 percent of viral e-mail.Nyxem-D, a much-discussed worm that was also called MyWife, Blackmal and Kama Sutra, came in fourth, although it did not cause much damage.-Jeremy Kirk, IDG News Service (London Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost Sponsored by Freshworks When your AI chatbots mess up AI ‘hallucinations’ present significant business risks, but new types of guardrails can keep them from doing serious damage By Paul Gillin Dec 08, 2023 4 mins Generative AI brandpost Sponsored by Dell New research: How IT leaders drive business benefits by accelerating device refresh strategies Security leaders have particular concerns that older devices are more vulnerable to increasingly sophisticated cyber attacks. By Laura McEwan Dec 08, 2023 3 mins Infrastructure Management case study Toyota transforms IT service desk with gen AI To help promote insourcing and quality control, Toyota Motor North America is leveraging generative AI for HR and IT service desk requests. By Thor Olavsrud Dec 08, 2023 7 mins Employee Experience Generative AI ICT Partners feature CSM certification: Costs, requirements, and all you need to know The Certified ScrumMaster (CSM) certification sets the standard for establishing Scrum theory, developing practical applications and rules, and leading teams and stakeholders through the development process. By Moira Alexander Dec 08, 2023 8 mins Certifications IT Skills Project Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe