'Happy New Year' Worm Zooms To Top Of Malware Chart

Sophos calls the worm packaged with the heavily-spammed "Happy New Year" malicious e-mail a variant of the "Dref" family, although other anti-virus vendors have slapped their own names on the malware. Symantec, for example, calls it "Mixor.q," while Kaspersky Lab dubs it "Tibs."

"Dref has been spammed out far and wide in the last few days, and there's a danger that in the rush to get through the backlog of holiday e-mails, people might return to work and accidentally launch the malicious attachment," said Carole Theriault, Sophos senior security consultant, in a statement.

During December, Dref/Mixor/Tibs accounted for over a third (35.2%) of all malicious code transmitted via e-mail. Netsky came in second (22.2%) and Mytob took third (10.7%). Stration, a worm that made major inroads starting in October, was knocked off its top perch by Dref. Stration's monthly slice of the malware pie was just 7.8%, a dramatic fall-off from November's 33.3%.

"Having spread for only two days during the entire month [of December], it is astonishing that Dref has secured the top position for most widespread piece of malicious code," Theriault added. On Dec. 31, the Happy New Year worm accounted for 93.7% of all infected e-mails, according to Sophos' data.

Other anti-virus companies have remarked about the worm's quick rise to the top of the charts. At times on Dec. 29, Israeli security developer Commtouch said Tuesday, Dref/Mixor/Tibs-infected messages made up almost 12% of all e-mails sent worldwide.