Track Global Malware Trends
View the trending of malware based on the 'detection count' reports of threats found in infected PCs and volume levels which reflect malware infection rates. For real-time data on malware outbreaks worldwide, visit MalwareTracker.
Top 10 Malware Threats
Rank Malware Infected PCs %Change Trend
1 Adware Helpers 2,036,697 1%
2 Conduit Search/Toolbar 1,464,704 -1%
3 PUP.SupTab 1,048,705 1%
4 PUP.InstallCore 905,057 3%
5 PUP.SuperWeb 874,246 1%
6 PUP.Optimizer Pro 873,082 1%
7 Adware.Multiplug/Variant 837,876 3%
8 Iminent Toolbar 703,456 -3%
9 Hijacker 639,799 0%
Download as CSV
More Info

Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If you have ever wondered which countries have the most cybercrime, then you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

VirLock Ransomware


The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware


The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware . The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware


The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar


MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware


ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPack. Of course, that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this, the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Ukash Virus


The so-called Ukash Virus is a ransomware Trojan that receives its name because Ukash Virus requires that its victims use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that basically blocks access to the infected computer system, disabling access to the infected computer system's desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various different countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries to...

Posted on June 15, 2012 in Ransomware

Live Security Platinum


Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer


DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans

HowToSimplified Toolbar

The HowToSimplified Toolbar comes from the infamous Mindspark Interactive Network, Inc. that released the Action Classic Games and SuddenlyMusic toolbars . The HowToSimplified Toolbar is supposed to give you access to 'Do It Yourself' tutorials on the Internet and help you discover home improvement tips and recipe ideas. HowToSimplified may provide you with how-to information, but it is ad-supported and will provide information like your browsing history and download log to advertisers for marketing development purposes. Moreover, the HowToSimplified Toolbar may block the native ads on Amazon, eBay, Walmart and Best Buy to show only advertisements from partners. Security experts recognize the HowToSimplified Toolbar as a Potentially Unwanted Program (PUP) that users may install with freeware bundles unintentionally. Most Mindspark products are deployed with free programs under the...

Posted on September 2, 2015 in Adware


The AdVPN software can be seen packed with free program installers under the 'Custom' or 'Advanced' option and is advertised as a free VPN service. You might want to know that AdVPN is adware, and it may change your DNS settings to reroute your traffic through the Virtual Private Network (VPN) of advertisers. Computer users that installed AdVPN might see full-page ads and floating ad-boxes by AdVPN on their favorite websites. Additionally, AdVPN might use virtual layers to display sponsored marketing materials, coupons, discounts and limited time deals when you visit e-commerce sites like Amazon, Best Buy, and eBay. The AdVPN adware may modify the layout of search results on Google and Bing and may feature links to harmful domains. AdVPN may present you with pop-up and pop-under windows that advertise software like GoforFiles , FileScout , and MagnetDownloader . The programs...

Posted on September 2, 2015 in Adware

NewTabTV Plus

The NewTabTV Plus browser extension is advertised with its ability to turn your browser into a media station and allow you to search media content on specially selected online sources. The NewTabTV Plus extension may overwrite your new tab and home page settings in Google Chrome, Mozilla Firefox, and Internet Explorer. NewTabTV Plus will change your default search aggregator to and may limit your search options by writing a registry entry in Windows. The NewTabTV Plus extension is developed by Imali Media Ltd., that deployed WinFix Pro, and may direct you to register for insecure services from third parties. Users may install NewTabTV Plus extension with a freeware package and may want to know that it is ad-supported. PC users who installed NewTabTV Plus should expect to see coupons, discounts and sponsored offers from advertisers partnering with Imali Media...

Posted on September 2, 2015 in Adware


The Trojan:Win32/Dorv.B!rfn malware is spread among PC users with the help of spam mail, fake updates to Adobe Flash Player and may be incorporated with free programs on untrusted software centers. The Dorv.B!rfn trojan may place its files in the Temp folder to evade security scans and may modify your Windows Registry to start at boot-up. Malware researchers note that Trojan:Win32/Dorv.B!rfn is similar to Trojan:Win32/Ropest and Trojan:Win32/Reveton.A and might decrease your computer performance as it is resource-hungry. Trojan:Win32/Dorv.B!rfn can send information like your system properties, Internet browsing history to its C&C (command and control) servers. The hackers that operate Trojan:Win32/Dorv.B!rfn can use it to record your keystrokes and install other malware like Alureon and Pihar . There are cases where hackers that operate trojans like Trojan:Win32/Dorv.B!rfn...

Posted on September 2, 2015 in Trojans


The Worm:VBS/Tibni.A malware falls in the category of worms written in Visual Basic language that allows it to run on all Windows versions and can load from corrupted documents. Worm:VBS/Tibni.A is deployed as an attached document to spam mail that usually is fake invoices, tax notifications and confirmations from Amazon. The Tibni worm can spread to other computers by infecting USB drives, shared drives and memory cards and can be hard to remove. The Worm:VBS/Tibni.A malware is designed to give its operator a remote control of your computer and may install the following files: wscript.exe, bin.doc, bizo.mp3, Nouveau Dossier.lnk, Zain, and Photo0.jpg. The Tibni worm edits the Windows Registry values of infected users so that it will start every time you turn on your PC. Also, Worm:VBS/Tibni.A may place corrupted shortcuts on your desktop that look as shortcuts for Google Chrome,...

Posted on September 2, 2015 in Worms

Video Convert Toolbar

Many PC users need to convert videos to adapt them to different devices and may be interested in installing the Video Convert Toolbar. It is developed by Mindspark Interactive Network, Inc. and can be downloaded from its official website but most users install it with freeware bundles unknowingly. Security analysts note that the Video Convert Toolbar is supported by advertisers and will change your default search engine to Therefore, the Video Convert Toolbar software is deemed as a Potentially Unwanted Program (PUP). The Video Convert Toolbar may redirect you to third-party services to allow you to convert media to MP4, FLV, and AVI format. Security analysts remind that Mindspark released another toolbar in the same category that is called ConvertBox and showed ads as well. All products of Mindspark Interactive Network, Inc. show an abundance of ads and may claim to be...

Posted on September 2, 2015 in Adware


CoreBot is a new info stealer that may target both individual users and large companies. This malware is deployed to computers via a Trojan dropper that may get to the system via a bogus software update, malicious email attachment or other techniques that cyber crooks may often use to distribute their harmful software. Once CoreBot is deployed, it may inject its payload in several system folders and processes, therefore doing a fine job at disguising its activities. The CoreBot info stealer supports plugins that can be downloaded from the command & control server it communicates with. This means that the perpetrator of the attack may enhance CoreBot's functionality by attaching additional plugins to CoreBot's core module. Thanks to the communication channel established with a command & control server, the CoreBot info stealer can also update its main module, therefore reducing the...

Posted on September 1, 2015 in Trojans Pop-Ups is a suspicious domain name that may be associated with the unwanted activity of browser hijackers. Browser hijackers are small pieces of software that may be used to alter the way a web browser behaves. For example, they may force the web browser to redirect the user to a particular web page when it's started, or it may modify the user's default homepage and search engine. This small but important change may help the authors of a browser hijacker to transfer traffic to their website, therefore improving its popularity and search engine ranking. The domain doesn't host any specific content or web page. Instead, it is used merely as a hub that redirects users to other websites. If a browser hijacker is installed and forces your web browser to redirect you to, then the latter may transfer you to another web destination. A quick...

Posted on September 1, 2015 in Adware


DNS-Locker is an ad-supported application whose presence on your computer may be undesired to say the least. DNS-Locker is a relatively new piece of software, so we are yet to learn more about its purpose and abilities. However, what we know for sure is that one of the main qualities of this software is its ability to inject advertisements in the web browsers it detects on the user's computer. In short, as long as DNS-Locker is installed, you may see unwanted advertisements whenever you try to use your web browser. Being spammed with ads while browsing the web is certainly not the best way to browse the web, so many users might be looking for a solution to the DNS-Locker ads issue they may be experiencing if they installed this software. The DNS-Locker ads can be removed by eliminating their source – the DNS-Locker app. Doing this manually may prove to be a difficult task, so...

Posted on September 1, 2015 in Potentially Unwanted Programs


The MiniLite background service that you may notice in your Windows Task Manager is a modified version of the SupTab (also seen as XTab) program. MiniLite is distributed among PC users as a browser enhancer for users that favor simplicity and fast loading of their homepage. The MiniLite browser enhancer may claim to pre-load components of your homepage and improve your browser experience. However, the primary objective of the MiniLite program is to load ads in your browser first and load your homepage second. MiniLite may use web beacons, session cookies and record your recently entered search keywords to show you tailor-suited ads. The MiniLite browser enhancer is supported by advertisers that would use it to show marketing materials, and you may see banners, inline ads, pop-up windows and sponsored search results on Google. Also, the MiniLite app may show you full-page ads when you...

Posted on September 1, 2015 in Browser Hijackers

Maximum Maker

The Maximum Maker browser add-on is supposed to boost your potential to the max but does not say how it does it. You may want to know what security researcher have to say about the Maximum Maker add-on. The Maximum Maker add-on is classified as adware that will boost your potential to receive numerous advertisements from legitimate and not so legitimate sources. The Maximum Maker adware will push coupons, discounts, banners, special deals, limited time offers and shopping recommendations. The Maximum Maker adware may use pop-up and pop-under windows to welcome users to install software such as Mr. PC Cleaner and Shield Plus Cleaner Utility . The aforementioned programs provide only tools already present in modern versions of Windows and may slow down your PC and urge you to purchase a premium account to solve your registry problems. As stated above, the Maximum Maker adware may...

Posted on September 1, 2015 in Adware Pop-Ups

The pop-ups in your browser are not caused by a security application. On the contrary, an adware infection on your PC may try to convince you that your data and social media accounts are targeted, and you need to call a tech support desk for help. Security investigators note that the pop-ups by should not be trusted, and you don't need to call the listed number. The adware linked to may have entered your system along with a freeware bundle that most users handle with the 'Express' or 'Typical' option carelessly. It is important users to be aware of the fact that fake security pop-ups like those from may lead to security breaches, data loss, and financial fraud. Moreover, there are many cases where adware applications were used to promote rogue registry optimizers like Real Registry...

Posted on September 1, 2015 in Adware

Advanced Calendar

The Advanced Calendar program from MEIXIAN XIE is advertised to display more convenient calendar updates from Google and your system on your desktop. The layout of the Advanced Calendar is a transparent window in the bottom right corner of your desktop and can be operated from an icon in your tray area. At first look, the Advanced Calendar program may appear very useful but you may want to know that Advanced Calendar is supported by advertisers. They can use Advanced Calendar to inject advertisements in your browser, and you may see words made bold with links to sponsored content, pop-up windows, coupons, and discounts. Therefore, Advanced Calendar is deemed as a Potentially Unwanted Program (PUP) that may provide you with exciting calendar features but will load a number of ads in your Internet browser to earn affiliate revenue. The Advanced Calendar program may edit your Windows...

Posted on September 1, 2015 in Potentially Unwanted Programs Pop-Ups

The and domains should not be trusted because they are used to lead users to believe they are infected with PC threats. If you are presented with pop-up messages from and, then you are infected with adware that is being used by scammers to simulate notifications from your Windows Firewall. The pop-up windows from and are generated by and adware-powered application on your system that may have arrived incorporated with a free program installer from a suspicious software center. Adware applications often take the form of browser extensions named after popular online services to avoid raising suspicion, and you may want to check your extension manager for extensions that you did not install. The phone number 1-844-335-0525 listed on the...

Posted on September 1, 2015 in Adware Pop-Ups

The messages from that users may experience in their browser can be displayed by adware on your PC. The bolded domain name has the prefix 'newtest4pc' and is related to a browser hijacker using the domain. Security experts note that the adware linked to the domain uses JavaScript to bring up a message in your browser to urge you to update your Flash Player, and you should not trust it. The domain is not in any way related to the legitimate Adobe Flash Player software and is used by adware developers to invite users to install software like PlusTotal and iToolbox and earn affiliate revenue. You may want to know that the IP address of is related to that is not a safe domain and...

Posted on September 1, 2015 in Adware
1 2 3 4 5 6 7 8 9 10 11 964