Christmas in June? That used to be a good thing, but that’s not the case this year, according to security and anti-virus firm Sophos.The Zafi-D worm, which poses as a Christmas card greeting, made up more than a quarter of all viruses reported to Sophos in the first half of the year. Behind Zafi-D was NetSky-P worm, followed by the bilingual Sober-N worm, which poses as an offer for free tickets to the 2006 World Cup, in third place.“It’s really amazing that even though the holiday season has long passed, Zafi-D has managed to stick around,” said Gregg Mastoras, senior security analyst with Sophos. “Over the last two months, we’ve seen a decrease in reports but it’s still very much a threat,” he said. Sober-N is a particularly devious little piece of malware. It waits silently in the background of infected PCs, before upgrading itself to a newer version in order to send out German nationalistic spam from the compromised, ‘zombie’ computers.“The Sober family of worms is an example of how damaging the collaborative efforts between virus writers and spammers can be, hijacking the computers of legitimate organizations to create ‘zombies,’ whose purpose is to perpetuate the generation of more spam,” said Mastoras. “Organizations are being victimized and likely being identified as a source of spam, endangering reputations and potentially causing their email to be blocked by others,” he said. Sophos has seen a threefold increase in the number of keylogging Trojans so far this year. Trojans are delivered to targeted organizations via email attachments or links to websites. They are often used by remote hackers to steal privileged information and very often, to launch further attacks. In June, an NISCC investigation, which Sophos assisted, found that nearly 300 UK government departments and core businesses were the subject of Trojan horse attacks. According to Sophos’ report, in the first half of the year the company detected and protected against 7,944 new viruses, which is a 59 percent increase from the first six months of 2004. The number of keylogging Trojans has tripled in the first six months of the year compared to the first half of last year.Sophos says that the increase in the number of viruses and worms means a Windows PC without either firewall or antivirus protection stands a 50 percent chance of infection by a worm after being online 12 minutes. For more information on Sophos’ report, visit their website. For more discussion on the impact of malware on electronic commerce, check out my recent security column. Security