Sunbelt Software Announces Top Ten Spyware Threats for December.

January 08, 2007 -- Sunbelt Software, a leading provider of Windows security software, today announced the top ten most prevalent spyware threats for the month of December 2006. The results are based on monthly scans performed by Sunbelt's award-winning antispyware product CounterSpy™. The WinAntiVirusPro threat appears for the first time in the top ten lists and is a rogue antispyware program that purports to scan and detect malware or other problems on the computer. The application then attempts to badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.

Zlob.Media-Codec
Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

SpySheriff
SpySheriff is a purported antispyware application to scan for and remove spyware from users' computers. SpySheriff is known to be distributed through exploits that also download adware or spyware on users' computers without notice or consent. When SpySheriff is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware.

Trojan.Smitfraud
Trojan.Smitfraud downloads and installs programs that purport to scan for adware and spyware and typically display false reports of spyware in order to frighten the user into paying for the program.

Zango.SearchAssistant
Zango.SearchAssistant opens new browser windows showing websites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites. While the Software is installed on the computer, Zango may collect information about users and the websites visited. This information will be used to provide users with comparative shopping opportunities when they are most relevant. By installing and/or using the Software users grant permission for Zango to periodically display sponsors' websites.

VirusBurst
VirusBurst is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

ClickSpring.PuritySCAN
ClickSpring.PuritySCAN is an adware program that scans a user's Internet Explorer files, including browser cache, cookies and history for pornographic/adult related words and allows the user to delete them.

Trojan.Win32.Qhost.hf
Trojan.Win32.Qhost.hf is a trojan that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent.

WinAntiVirus Pro
WinAntiVirusPro is a rogue antispyware program that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.

Trojan-Downloader.Gen
Trojan-Downloader.Gen is a trojan downloader typically installed through an exploit or some other deceptive means and that facilitates the download and installation of other malware and unwanted software onto a victim's PC.

click to show / hide the Top 10 Threats for November

Top 10 Spyware Threats for November 2006

click on the title to see more information about the spyware threat

1. Trojan Downloader Zlob.Media-Codec
2. DesktopScam
3. Trojan.Smitfraud
4. SpySheriff
5. Virtumonde
6. Trojan.Win32.Qhost.hf
7. VirusBurst
8. AvenueMedia.InternetOptimizer
9. Command Service

Zlob.Media-Codec
Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

DesktopScam
This program is used to trick the affected user into purchasing certain security applications. DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. In some cases the SecurityToolbar.DesktopScam may be present as well.

Trojan.Smitfraud
Trojan.Smitfraud downloads and installs programs that purport to scan for adware and spyware and typically display false reports of spyware in order to frighten the user into paying for the program.

SpySheriff
SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers. SpySheriff is known to be distributed through exploits that also download adware or spyware on users' computers without notice or consent. When SpySheriff is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

Trojan.Win32.Qhost.hf
Trojan.Win32.Qhost.hf is a trojan that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent.

VirusBurst
VirusBurst is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.

AvenueMedia.InternetOptimizer
AvenueMedia.InternetOptimizer is an adware program that spawns pop-up advertising on the desktop and downloads other adware.

Zango.SearchAssistant
Zango.SearchAssistant opens new browser windows showing websites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites. While the Software is installed on the computer, Zango may collect information about users and the websites visited. This information will be used to provide users with comparative shopping opportunities when they are most relevant. By installing and/or using the Software users grant permission for Zango to periodically display sponsors' websites.

Command Service
Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

click to show / hide the Top 10 Threats for October

Top 10 Spyware Threats for October 2006

click to show / hide the Top 10 Threats for September

Top 10 Spyware Threats for September 2006

click to show / hide the Top 10 Threats for August

Top 10 Spyware Threats for August 2006

1. DesktopScam
2. Trojan Downloader Zlob.Media-Codec
3. Virtumonde
4. Command Service
5. Trojan.Smitfraud
6. Trojan WinlogonHook Delf.A
7. DollarRevenue
8. Zango.SearchAssistant
9. StartPage.TimesSquare
10. SpySherrif

DesktopScam
This program is used to trick the affected user into purchasing certain security applications. DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. In some cases the SecurityToolbar.DesktopScam may be present as well.

Zlob.Media-Codec
Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

Command Service
Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

Trojan.Smitfraud
Trojan.Smitfraud downloads and installs programs that purport to scan for adware and spyware and typically display false reports of spyware in order to frighten the user into paying for the program.

Trojan.WinlogonHook.Delf.A
WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge. It attaches itself to the Winlogon process and runs every time Windows is booted up and may contact remote servers to download and install additional malware.

DollarRevenue
DollarRevenue is an adware program that spawns pop-up advertising on the desktop and downloads other adware. It is typically installed without consent or notice through a security exploit and is accompanied by additional adware. DollarRevenue files can contact the internet and initiate the download of so much adware that the computer may become unusable. It is known to have been installed from the same site as a password stealing trojan.

Zango.SearchAssistant
Zango.SearchAssistant opens new browser windows showing websites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites. While the Software is installed on the computer, Zango may collect information about users and the websites visited. This information will be used to provide users with comparative shopping opportunities when they are most relevant. By installing and/or using the Software users grant permission for Zango to periodically display sponsors' websites.

StartPage.TimesSquare StartPage.TimesSquare hijacks the IE start page and search pages and displays ads. Antivirus software identifies this as a Trojan.StartPage variant.

SpySheriff
SpySheriff is a purported anti-spyware application to scan for and remove spyware from users' computers. SpySheriff is known to be distributed through exploits that also download adware or spyware on users' computers without notice or consent. When SpySheriff is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware

click to show / hide the Top 10 Threats for July

Top 10 Spyware Threats for July 2006

1. DesktopScam
2. Zlob.Media-Codec
3. Trojan.WinlogonHook.Delf.A
4. Virtumonde
5. SpywareQuake
6. Looking-For.Home Search Assistant
7. Command Service
8. Zango.CommonElements
9. Zango.SearchAssistant
10. DollarRevenue

DesktopScam
This program is used to trick the affected user into purchasing certain security applications. DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. In some cases the SecurityToolbar.DesktopScam may be present as well.

Zlob.Media-Codec
Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

Trojan.WinlogonHook.Delf.A
WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge. It attaches itself to the Winlogon process and runs every time Windows is booted up and may contact remote servers to download and install additional malware.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

SpywareQuake
SpywareQuake is a purported antispyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware and spyware on users' computers without notice or consent.

Looking-For.Home Search Assistant
Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifies search results. It also spawns pop-ups on the desktop.

Command Service
Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

Zango.CommonElements
Displays third-party advertising on the computer. The ads can take several forms, including pop-ups, pop-unders, banners, or links embedded within web pages or parts of the Windows interface.

Zango.SearchAssistant
Zango.SearchAssistant opens new browser windows showing websites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites. While the Software is installed on the computer, Zango may collect information about users and the websites visited. This information will be used to provide users with comparative shopping opportunities when they are most relevant. By installing and/or using the Software users grant permission for Zango to periodically display sponsors' websites.

DollarRevenue
DollarRevenue is an adware program that spawns pop-up advertising on the desktop and downloads other adware. It is typically installed without consent or notice through a security exploit and is accompanied by additional adware. DollarRevenue files can contact the internet and initiate the download of so much adware that the computer may become unusable. It is known to have been installed from the same site as a password stealing trojan.

click to show / hide the Top 10 Threats for June

Top 10 Spyware Threats for June 2006

1. DesktopScam
2. Zlob.Media-Codec
3. Looking-For.Home Search Assistant
4. Virtumonde
5. Spyware Quake
6. 180solutions.SearchAssistant
7. Command Service
8. FullContext.EQAdvice
9. Dollar Revenue
10. Zango.SearchAssistant

DesktopScam
This program is used to trick the affected user into purchasing certain security applications. DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. In some cases the SecurityToolbar. DesktopScam may be present as well.

Zlob.Media-Code
Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

Looking-For.Home Search Assistant
Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifies search results. It also spawns pop-ups on the desktop.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

SpywareQuake
SpywareQuake is a purported antispyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware and spyware on users' computers without notice or consent.

180solutions.SearchAssistant
180search Assistant logs the web pages users visit, when visited, these pages upload the data to its servers.

Command Service
Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

FullContext.EQAdvice
FullContext.EQAdvice is an advertising program that displays ads and allows the installation of other adware. It establishes two-way communication with its home servers at fullcontext.net. Like other fullcontext software, it may transmit clickstream data and search query terms.

DollarRevenue
DollarRevenue is an adware program that spawns pop-up advertising on the desktop and downloads other adware. It is typically installed without consent or notice through a security exploit and is accompanied by additional adware. DollarRevenue files can contact the internet and initiate the download of so much adware that the computer may become unusable. It is known to have been installed from the same site as a password stealing trojan.

Zango.SearchAssistant
Zango.SearchAssistant opens new browser windows showing websites based on the previous websites you visit. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites. While the Software is installed on the computer, Zango may collect information about users and the websites visited. This information will be used to provide users with comparative shopping opportunities when they are most relevant. By installing and/or using the Software users grant permission for Zango to periodically display sponsors' websites.

click to show / hide the Top 10 Threats for May

Top 10 Spyware Threats for May 2006

1. DesktopScam
2. SpyFalcon
3. 180search Assistant
4. Virtumonde
5. Looking-For.Home Search Assistant
6. IEPlugin
7. AvenueMedia.InternetOptimizer
8. Command Service
9. Media-Codec
10. iSearch.DesktopSearch

DesktopScam
This program is used to trick the affected user into purchasing certain security applications.

SpyFalcon
SpyFalcon is a purported antispyware application that scans for and removes spyware from users' computers. SpyFalcon is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent.

180search Assistant
180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.

Virtumonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

Looking-For.Home Search Assistant
Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifies search results. It also spawns pop-ups on the desktop.

IEPlugin
IEPlugin is an IE Browser Helper Object that monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword.

AvenueMedia.InternetOptimizer
Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself. The 'DyFuCA Active Alert' component can open pop-up 'alerts' when directed by its controlling server at http://www.internet-optimizer.com. This software has been seen to download without notice/consent, bundled with other adware/spyware, during security exploits.

Command Service
Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

Media-Codec
Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. It purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos to trick the user into downloading it. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.

iSearch.DesktopSearch
iSearch.DesktopSearch is a browser plug-in that adds a pop-out search box to the Windows system tray and spawns "in-page" browser pop-ups when the user visits search sites.

click to show / hide the Top 10 Threats for April

Top 10 Spyware Threats for April 2006

1. Tro.DesktopScam
2. Virtumonde
3. Looking-For.Home Search Assistant
4. SpywareQuake
5. Command Service
6. 180search Assistant
7. BraveSentry
8. EliteMedia
9. AvenueMedia.InternetOptimizer
10. StartPage.TimesSquare

Tro.DesktopScam
> This program is used to trick the affected user into purchasing certain security applications.

Virtuomonde
Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.

Looking-For.Home Search Assistant
Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifies search results. It also spawns pop-ups on the desktop.

SpywareQuake
Removes the user's access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.

CmdService
CmdService is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. CmdService is installed by a number of drive-by downloaders, including IE-Plugin.

180search Assistant
180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.

BraveSentry
BRAVESentry is a purported antispyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. When BRAVESentry is downloaded through an exploit, it puts an icon in the system tray and shows a false warning that the computer is infected with spyware. BRAVESentry's free scan reports multiple false positives in order to frighten the user into paying for the program.

ELITEMedia
ELITEMedia is an adware application that opens pop-up advertisements on the user's desktop and may be installed though a security exploit and bundled with other adware and malware.

AvenueMedia.InternetOptimizer
Internet Optimizer, also known as DyFuCA, is an adware application that hijacks the user's browser error page. It opens pop-up windows to display ads from its network sites periodically, also is known to update itself. The 'DyFuCA Active Alert' component can open pop-up 'alerts' when directed by its controlling server at http://www.internet-optimizer.com. This software has been seen to download without notice/consent, bundled with other adware/spyware, during security exploits.

StartPage.TimesSquare
Hijacks the IE start page and search pages and displays ads.

click to show / hide the Top 10 Threats for March

Top 10 Spyware Threats for March 2006

1. Tro.DesktopScam
2. Looking-For.Home Search Assistant
3. iSearch.DesktopSearch
4. CmdService
5. SpySheriff
6. 180search Assistant
7. EliteMedia
8. SpyFalcon
9. StartPage.TimesSquare
10. SpyAxe

Tro.DesktopScam
This program is used to trick the affected user into purchasing certain security applications.

Looking-For.Home Search Assistant
Home Search Assistant is an Internet Explorer browser helper object (BHO) that changes the user's home page and modifies search results. It also spawns pop-ups on the desktop.

iSearch.DesktopSearch
Removes the user's access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.

CmdService
CmdService is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. CmdService is installed by a number of drive-by downloaders, including IE-Plugin.

SpySheriff
When SpySheriff is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware. SpySheriff's free scan reports multiple false positives in order to frighten the user into paying for the program. SpySheriff is set to load at Windows start up. It may also display pop-up warnings of spyware on the computer as a scare tactic.

180search Assistant
180search Assistant logs the web pages you visit, when you visit them and uploads the data to its servers.

ELITEMedia
ELITEMedia is an adware application that opens pop-up advertisements on the user's desktop and may be installed though a security exploit and bundled with other adware and malware.

SpyFalcon
SpyFalcon is a purported anti-spyware application to scan for and remove spyware from users' computers. It is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent. Scan results report false positives in order to frighten the user into paying for the program.

StartPage.TimesSquare
Hijacks the IE start page and search pages and displays ads.

SpyAxe
SpyAxe is a purported anti-spyware application to scan for and remove spyware from users' computers. SpyAxe is known to be distributed through exploits that also download adware/spyware on users' computers without notice or consent.

About Sunbelt Software’s Threat Research Center
The Sunbelt Software Threat Research Center specializes in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new spyware outbreaks, creating and testing new spyware definitions on a constant basis. For detailed spyware research information and to view the top ten spyware in real-time please visit research.sunbelt-software.com



Report a broken link here

 


 
 
 


 
 
 

 
 
to the top of the page