Storm Worm made up 50.3 per cent of all malware tracked by Sophos, making it the number one threat seen by the security company.
Meanwhile, Fortinet ranked it as the fourth worst threat in February in a table that included phishing attacks.
Fortinet detected W32/Tibs.gen, which is also called Mal/HckPk-A, Worm.Win32.Zhelatin.j, Tibs Trojan, WORM_NUWAR.CQ and Storm Worm, in 3.91 per cent of emails containing a threat.
"HckPk is a bit like Mr Potato Head in that it uses disguises to bamboozle antivirus protection into thinking the attachment is safe when, in reality, malicious code lies within," said Carole Theriault, senior security consultant at Sophos.
"Users need to check that their antivirus protection can proactively detect against previously unseen malware, otherwise they could be next in a long line of victims."
Theriault said that today's most widespread threats, such as Dref and Dorf, use HckPk and that cyber-criminals are constantly modifying its disguises in an attempt to bypass defences.
Guillaume Lovet, EMEA threat response team leader at Fortinet, added that at least 36 different variants of the Storm Worm were active in February, although a single variant accounted for almost 60 per cent of detections.
"The overwhelming presence of the Storm Worm is not without consequence, as it is being used to generate and relay massive amounts of spam," he said.
In February, Sophos found that 0.39 per cent or one in 256 emails were infected and the company identified 7,757 new threats.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
