Sophos has published its Security Threat Report 2007, examining the threat landscape over the previous twelve months, and predicting malware and spam developments during 2007.
The report reveals that the US hosts more than one third of the websites containing malicious code identified during 2006, as well as relaying more spam than any other nation.
The Sophos Security Threat Report 2007 examines in detail the top ten malware threats of the last year, and also confirms that malware authors are continuing to turn their backs on large-scale attacks in favor of more focused strikes against computer users.
Microsoft Windows continues to be the primary target for hackers, with internet criminals increasingly producing downloader Trojan horses, rather than mass-mailing worms, to do their dirty work for them.
In addition to hosting the largest number of malicious websites, the US continues to top the list of worst spam-relaying nations. While the US has made good progress in its efforts to reduce spam-relaying statistics, there was still more spam sent from US computers in 2006 than any other single nation.
The report notes that up to 90% of all spam is now relayed from zombie computers, hijacked by Trojan horses, worms and viruses under the control of hackers. This means that the hackers do not need to be based in the same country as the computers being used to send the spam.
The report also said that the most prolific email threats during 2006 were the Mytob, Netsky, Sober and Zafi families of worms, which together accounted for more than 75% of all infected email. However, Sophos predicts that 2007 is likely to see a significant shift away from the use of email security threats, with cyber criminals instead looking to exploit the continued global growth in web use, as well as user-defined web content.
Email will continue to be an important vector for malware authors, though the increasing adoption of email gateway security is making hackers turn to other routes for infection. The number of websites being infected with malware is on the rise: SophosLabs is currently uncovering an average of 5,000 new URLs hosting malicious code each day.
During 2006 Sophos saw a decrease in the use of traditional spyware, in favour of multiple Trojan downloaders. The hacker sends a 'special offer' (or similar) email in an attempt to dupe recipients into visiting a website containing a malicious downloader. The executable file will attempt to download additional Trojans, a process that may be repeated multiple times to try and disable all security defences, before it downloads a spyware component - which will then have a better chance of success.
Statistics reveal that in January 2006 spyware accounted for 50.43% of all infected email, while 40.32% were emails linking to websites containing Trojan downloaders. By December 2006 the figures had been reversed, with the latter now accounting for 51.24%, and spyware-infected emails reduced to 41.87%. This trend looks set to continue into 2007 and beyond.
Sophos notes that 30% of all malware is now written in China, most of it taking the form of Trojans used for gaining a backdoor into users' computers. Surprisingly, 17% of malware written in China is designed for the specific purpose of stealing passwords from online gamers. In contrast, malware authors based in Brazil are responsible for 14.2% of all malware, the majority of which is designed to steal information from online bankers.
Sophos detected 41,536 new pieces of malware in 2006, bringing the total protected against to 207,684. Of these threats, Trojans now outnumber Windows viruses and worms by 4:1. The proportion of infected emails was down from 1 in 44 during 2005 to just 1 in 337 during 2006.