Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

SunbeltLabs detects surge in password-stealing Trojans, media player threats and the re-emergence of Conficker as users visit untrusted sites in search of World Cup video

Marlow, UK – 6 July, 2010 – Sunbelt Software, a provider of security software, today announced the top 10 most prevalent malware threats for the month of June 2010. The report, compiled from monthly scans performed by Sunbelt Software's award-winning anti-malware solution, VIPRE® Antivirus, and its antispyware tool, CounterSpy®, is a service of SunbeltLabs™.

Most significant in June was a surge in detections of Trojan-Spy.Win32.Zbot.gen, a growing family of password-stealing Trojan horse programs, which moved up from fifth place in May to second in June as a result.

Also revealed by Sunbelt Software’s ThreatNet™ statistics was the re-emergence of the high-profile Conficker worm, in the form of variant Downadup. Like the original Conficker strain, Downadup spreads across a network by taking advantage of a vulnerability in Windows Server service which allows remote code execution when file sharing is enabled. This particular variant of Downadup also spreads through removable drives and takes advantage of weak administrator passwords to turn off some system services and anti-malcode protection.

New entries in the top 10 in June were:
• Packed.Win32.Tdss.q (v) (TDSS Rootkit)
• Trojan.ASF.Wimad (v) (Redirect browsers to a malware-infected web site)
• Worm.Win32.Downad.Gen (v) (A variation of the Conficker worm)

Trojan.ASF.Wimad (v) is a VIPRE detection for a group of Trojanized Windows media files which, when opened with Windows Media Player, redirect the victim’s browser to a web site to download malicious files. They have been used to download a variety of malware. The growth in these detections in the month of June is widely due to increased activity around video downloads associated with the FIFA World Cup, which began on June 11.

Trojan.Win32.Generic!BT – a generic detection for Trojans, continued to dominate the top 10 and accounted for a over a quarter (27.16%) of all detections, down a fraction on the previous month. It is a detection that includes many downloaders associated with scareware or rogue security products.

Seven of the top 10 detections found also featured in May, while six of the top 10 were Trojan horse programs, highlighting a small decrease in the number of different types of Trojans being detected in volume. However, Trojans are still highly active, as illustrated by the growth in Trojan-Spy.Win32.Zbot.gen.

INF.Autorun (v), Trojan.Win32.Generic.pak!cobra and BehavesLike.Win32.Malware (v) also recorded significant month-on-month rises in percentage of detections.

“Although Trojans continue to dominate the top 10, June reveals interesting trends such as a fresh wave of Conficker-based detections, suggesting that this troublesome piece of malware is on its way back,” said Sunbelt Software research centre manager Tom Kelchner.

“As we expected, malware related to the distribution and downloading of media files is also on the increase, as highlighted by the appearance of Trojan.ASF.Wimad (v) in the top 10 for June, coinciding with the start of the FIFA World Cup. With many of the World Cup matches taking place during work hours when users have no access to a TV, the temptation to seek out online streaming services, be they from trusted or untrusted sources, has been too strong for some users. To avoid unnecessary malware risks, it is essential to keep clear of unknown and unproven sites offering audio and video streaming,” Kelchner added.

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt Software’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.

The top 10 most prevalent malware threats for the month of June are:

1. Trojan.Win32.Generic!BT 27.16%
2. Trojan-Spy.Win32.Zbot.gen 4.68%
3. INF.Autorun (v) 4.05%
4. Trojan.Win32.Generic.pak!cobra 2.58%
5. BehavesLike.Win32.Malware (v) 1.48%
6. Packed.Win32.Tdss.q (v) 1.34%
7. Trojan.ASF.Wimad (v) 1.13%
8. Trojan.Win32.Malware 1.06%
9. Trojan.Win32.Agent 1.04%
10. Worm.Win32.Downad.Gen (v) 1.02%

To see a graphical comparison of the top 10 most prevalent malware infections between May and June, please visit

About SunbeltLabs
SunbeltLabs specialises in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new malware outbreaks, creating and testing new threat definitions on a constant basis. For detailed threat research information and to view the top 10 threats in real time please visit SunbeltLabs at

About Sunbelt Software
Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software including enterprise antivirus, antispyware, email security, and malware analysis tools. Leading products include the VIPRE® and CounterSpy® product lines, Sunbelt Exchange Archiver™, CWSandbox™, and ThreatTrack™.

For more information about Sunbelt Software, please visit the company’s website at: To learn more about current activities, products, and ideas at Sunbelt Software, please visit Sunbelt’s corporate blog at To view this release online, go to

Martin Brindley
DMG Europe
+44 1256 807360

Laurie Murrell
Sunbelt Software

# # # #

Copyright © 2010 Sunbelt Software. All rights reserved. All trademarks used are owned by their respective companies.

This press release was distributed by ResponseSource Press Release Wire on behalf of Sunbelt Software in the following categories: Consumer Technology, Business & Finance, Computing & Telecoms, for more information visit