The proportion of email messages that contain malware has fallen for the first six months this year compared to the same period last year, Sophos PLC said yesterday.
Statistics released by Sophos show that about one in 91 email messages contained a virus or other types of bad software, far less than the one-in-35 figure of a year ago, said Graham Cluley, senior technology consultant. Sophos provides enterprise-level antivirus, spam, adware and malware protection products.
"Email, as far as viruses are concerned, is actually safer than it was last year," Cluley said.
While the news is welcome, the bad guys haven't given up. Instead, their tactics are changing to avoid detection, and they're writing different kinds of bad software, Cluley said.
Malware writers are increasing their focus on Trojan horse programs, a class of malicious software that can include programs called keyloggers. Keyloggers send user logins and passwords to a server controlled by a hacker. The programs can harvest credit card numbers and other personal data that could be used in an identity theft scheme.
Trojan horse programs, unlike viruses, do not replicate themselves. About 81 percent of the new bad software Sophos sees circulated on the internet are these kinds of programs.
"It's a big financial push," Cluley said.
Criminals are taking a lower profile in their spam campaigns. When masses of virus- or Trojan-laden email are sent out, antivirus companies such as Sophos receive samples and quickly update their client software.
The attack's effectiveness is thus hampered, so malware writers are sending out fewer large batches of email and targeting victims more carefully, Cluley said.
Many ageing pieces of malware code are still drifting around the internet in large numbers, Sophos' Top 10 list of malware shows. One reason is laziness on the part of hackers, who don't want to write new code, Cluley said.
A second reason is that many consumer computers lack antivirus software, making them ripe targets even though most antivirus programs could protect them.
"Home users are much more laid back about virus protection," Cluley said.