Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Trojan.DNSChanger.Gen uses rootkit technology to change Windows DNS settings on compromised computers in order to inject malicious content

Reading, UK – August 5, 2009 - Sunbelt Software, a leading provider of Windows security software, today announced the top ten most prevalent malware threats for the month of July 2009. The report, compiled from monthly scans performed by Sunbelt's award-winning antispyware tool, CounterSpy™, and its anti-malware solution, VIPRE® Antivirus + Antispyware, is a service of SunbeltLabs™.

For July, SunbeltLabs reports the second-highest detected malware threat as a DNSChanger variant, Trojan.Win32.Tdss.aalc (v), a detection for a group of Trojans that uses downloaders for rogue anti-malware applications to drop malicious code on users’ PCs. The installed software code then contacts malicious Web sites and downloads further malware.

The TDSS Trojans are packed and can contain a number of pieces of malware, including Trojans, backdoors and worms; and is a variant of the two-year-old threat, Trojan.DNSChanger.Gen. Trojan.DNSChanger.Gen uses rootkit technology to change Windows DNS settings on compromised computers in order to inject malicious content into otherwise legitimate Web pages or redirect search engine results in popular search engines, often referred to as click fraud hijacking.

There has been a substantial decrease in the number of infections for the top threat, Trojan-Spy.Win32.Zbot.gen from June to July, down 38% from 7.99% to 4.99% of total threats seen.

The top ten results represent the number of times a particular malware infection was detected during CounterSpy and VIPRE scans that report back to Sunbelt’s community of opt-in users.

The top ten most prevalent spyware threats for the month of July are:

1. Trojan-Spy.Win32.Zbot.gen - 4.99%
2. Trojan.Win32.Tdss.aalc (v) - 2.92%
3. Win32-Trojan-gen - 2.23%
4. Trojan.1 - 2.11%
5. Trojan.DNSChanger.Gen - 1.66%
6. Trojan-Downloader.Zlob.Media-Codec - 1.58%
7. Exploit.PDF-JS.Gen (v) - 1.50%
8. BehavesLike.Win32.Malware (v) - 1.49%
9. Explorer32.Hijacker - 1.32%
10.Trojan.Fakeavalert - 1.20%


Martin Brindley
DMG Europe
+44 1256 807360

Laurie Murrell
Sunbelt Software

About SunbeltLabs

SunbeltLabs specialises in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis. For detailed threat research information and to view the top ten threats in real-time please visit SunbeltLabs at

About Sunbelt Software

Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE® and CounterSpy® product lines, Ninja™ Email Security, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

For more information about Sunbelt Software, please visit the company’s website at: To learn more about current activities, products, and ideas at Sunbelt Software, please visit Sunbelt’s corporate blog at To view this release online, go to

# # # #

Copyright © 2009 Sunbelt Software. All rights reserved. All trademarks used are owned by their respective companies.

This press release was distributed by ResponseSource Press Release Wire on behalf of Sunbelt Software in the following categories: Consumer Technology, Computing & Telecoms, for more information visit