Three of November's top ten malware threats run on Microsoft’s latest and long-awaited operating system release, Vista.

Tests by IT security analyst Sophos show that on the launch day of Microsoft's Windows Vista operating system, three of the top-ten malware threats, including the number one malware threat Stratio-Zip, are capable of bypassing the product's security defences and infecting users' PCs.

Sophos tested each piece of malware in the top ten on the Vista operating system to establish whether users running Vista without any third-party security software would avoid infection.

The results showed that while the Windows Mail email client (Vista's upgrade of Outlook) was able to identify and halt all of the threats, Stratio-Zip, Netsky-D and MyDoom-O – each of which is commonly disseminated via email – were able to bypass the defences when accessed via a third-party web email client.
This represents a serious issue for businesses that allow employees to access their personal email at work, as well as for companies that are considering adopting an alternative email client.

"There has been much speculation about whether Vista would render existing malware extinct, and the news is now in – it won't," said Carole Theriault, senior security consultant at Sophos.

"While Microsoft should be commended for the huge security improvements it has made in Vista, running separate security software is still essential to eliminate the risk of infection. On top of this, cyber criminals will already be looking at creating Vista-specific malware. Users need to think carefully about whether their current solution is going to offer sufficient protection against such emerging threats, given that some vendors continue to experience problems adapting their software for the Vista operating environment."

The figures, compiled from Sophos's global network of monitoring stations to show the most prevalent malware threats and hoaxes causing problems for computer users around the world during November 2006, found the Stratio-Zip worm has overtaken Netsky-P as the most widely circulated piece of malware, accounting for one third of the total number of reports.

The top ten list of malware in November 2006 reads as follows:

  1. Stratio-Zip 33.3%
  2. Netsky-P 15.6%
  3. Bagle-Zip 6.1%
  4. Zafi-B 4.3%
  5. Netsky-D 3.9%
  6. Nyxem-D 2.5%
  7. MyDoom-O 2.5% (equal 6th)
  8. Mytob-C 2.4%
  9. Sality-AA 1.8% (new entry)
  10. Zafi-D 1.7%

  Others: 25.9%

Graphics of November's top ten virus chart are available here.