The latest malware monitoring data from Sophos shows that Dorf rampaged to the top of the monthly malware threat chart, accounting for almost 50 percent of all malware seen during January.
Dorf was aggressively spammed out posing as breaking news of deaths caused by stormy European weather during January.
Later in the month the authors changed tack and launched a second campaign disguising the malware as a romantic email greeting card.
Elsewhere in the Sophos top 10, Netsky, Mytob and Stratio remain rooted in second, third and fourth places respectively, accounting collectively for one third of all malware reports.
"Spammed out with hard-hitting headlines and the promise of exclusive news content, the Dorf malware, or Storm Trojan, moved at gale force speeds and battered inboxes worldwide in an attempt to compromise users' PCs," said Carole Theriault, senior security consultant at Sophos.
"It was not a particularly sophisticated form of attack, as preying on public interest by using breaking news events is a tried and trusted trick and has proven to be a remarkably effective method of fooling recipients into lowering their guard."
Sophos has seen more than 2,500 variants of the Dorf malware, almost a third of the new threats identified during January 2007.
The majority were intercepted by Sophos' proactive Behavioral Genotype Protection technology even before they were formally identified as belonging to the Dorf family of malware.
According to the firm, the proportion of infected email, while substantially higher than in December 2006, is still small at just one in 238 (0.42 per cent).
Sophos identified 7,272 new threats during January, bringing the total number of malware threats it protects against to 214,956.
The full list is as follows:
1. Dorf 46.1%
2. Netsky 16.1%
3. Mytob 9.8%
4. Stratio 8.5%
5. Zafi 3.6%
6. MyDoom 2.8%
7. Sality 2.6%
8. Bagle 2.5%
9. Nyxem 1.0%
10. Wukill 0.8%
Others 6.2%