Track Global Malware Trends
View the trending of malware based on the 'detection count' reports of threats found in infected PCs and volume levels which reflect malware infection rates. For real-time data on malware outbreaks worldwide, visit MalwareTracker.
Top 10 Malware Threats
Rank Malware Infected PCs %Change Trend
1 Adware Helpers 2,036,697 1%
2 Conduit Search/Toolbar 1,464,704 -1%
3 PUP.SupTab 1,048,705 1%
4 PUP.InstallCore 905,057 3%
5 PUP.SuperWeb 874,246 1%
6 PUP.Optimizer Pro 873,082 1%
7 Adware.Multiplug/Variant 837,876 3%
8 Iminent Toolbar 703,456 -3%
9 Hijacker 639,799 0%
Download as CSV
More Info

Top Security News

Top 20 Countries Found to Have the Most Cybercrime
Have you ever wondered which countries face the most cybercrime? If you have ever wondered which countries have the most cybercrime, then you may be surprised to know that there are few contributing factors that attract cybercriminals to specific regions of the world. Security research firm,...
Gmail Filter Virus Attacks Gmail Users Turning Them Into Spammers
A new vulnerability within the Gmail email account system, called Gmail Filter Virus, is currently affecting some Gmail users taking control of their account turning it into a virtual spam proxy. Many Gmail account users will utilize the 'filters' feature for various automation functions in...
Crafty Scammers Offer a Fake Survey Bypassing Script That is Really a Survey Scam Campaign in Disguise
Just when you think that you have heard about some of the most clever scams online, cybercrooks amaze us all again as they introduce their very own solution to online survey scams. The people responsible for survey scams are not only still tricking computer users through the use of their annoying...

More Articles

VirLock Ransomware


The VirLock Ransomware is a ransomware Trojan that takes computers hostage and then demands payment from the computer users using BitCoin, a crypto-currency that is known for permitting anonymous online payments. The VirLock Ransomware will threaten computer users, claiming that the VirLock Ransomware has found pirated software on the infected computer and threatening to report the victim to the authorities unless the fine is paid. These claims have no basis. The VirLock Ransomware cannot check your computer for pirated software or alert the authorities. Rather, the VirLock Ransomware is engineered to lock down your computer and prevent access to your files. If the VirLock Ransomware...

Posted on December 10, 2014 in Ransomware

CryptoWall Ransomware


The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware . The CryptoWall Ransomware is designed to infect all versions of Windows, including Windows XP, Windows Vista, Windows 7 and Windows 8. As soon as the CryptoWall Ransomware infects a computer, the CryptoWall Ransomware uses the RSA2048 encryption to encrypt crucial files. Effectively, the CryptoWall Ransomware prevents computer users from accessing their data, which will be encrypted and out of reach. The CryptoWall Ransomware claims that it is necessary to pay $500 USD to recover the encrypted...

Posted on May 12, 2014 in Ransomware

CryptoLocker Ransomware


The CryptoLocker Trojan is a ransomware infection that encrypts the victim's files. CryptoLocker may typically be installed by another threat such as a Trojan downloader or a worm. Once CryptoLocker is installed, CryptoLocker will search for sensitive files on the victim's computer and encrypt them. Essentially, CryptoLocker takes the infected computer hostage by preventing access to any of the computer user's files. CryptoLocker then demands payment of a ransom to decrypt the infected files. CryptoLocker is quite harmful, and ESG security analysts strongly advise computer users to use an efficient, proven and updated anti-malware program to protect their computer from these types of...

Posted on September 11, 2013 in Ransomware

MyStart by Incredibar


MyStart is a browser hijacker that uses the MyStart by Incredibar toolbar and a browser hijacking component that forces its victims to visit the website. This website is a low-quality search engine that displays more advertisements than legitimate results. Even worse, several of MyStart's search results may lead computer users to websites containing malicious content. Although MyStart actually provides a supposed tool to remove this component from the victim's web browser, ESG security researchers recommend disregarding this component and instead removing MyStart with the help of a reputable anti-malware utility. MyStart can refer to both the low-quality...

Posted on July 31, 2012 in Adware

FBI Moneypak Ransomware


ESG security researchers have received reports of a ransomware infection, known as the FBI Moneypak ransomware, that targets computer users in the United States. The FBI Moneypak ransomware infection will claim that the victim's computer was involved in viewing child pornography and then demands payment of a 100 dollar 'fine' to be sent via MoneyPack. Of course, that a criminal charge as serious as child pornography would be punished with a mere 100 dollar fine is laughable. There is a reason for this, the FBI Moneypak ransomware is not really from the FBI. Rather, this message is actually part of a common malware scam. The FBI Moneypak ransomware scam will use a Winlocker, that is,...

Posted on June 25, 2012 in Ransomware

Ukash Virus


The so-called Ukash Virus is a ransomware Trojan that receives its name because Ukash Virus requires that its victims use Ukash (a legitimate money transfer service) to transfer the ransom funds. This dangerous Trojan infection is composed of a Winlocker component that basically blocks access to the infected computer system, disabling access to the infected computer system's desktop, Task Manager, command line, Registry Editor and other services and applications. There are countless variants of the Ukash Virus, designed to target various different countries in Europe and North America. ESG malware analysts strongly advise against paying the ransom that this malware infection tries to...

Posted on June 15, 2012 in Ransomware

Live Security Platinum


Live Security Platinum is one of the many fake security programs in the WinWebSec family of malware. Although ESG security researchers have been following the family of malware for several years, Live Security Platinum is a relatively new variant first detected in 2012. Because of this, it is pivotal to ensure that your security software is fully updated. Like most fake security programs, Live Security Platinum is designed to induce PC users to purchase a worthless 'full version' of Live Security Platinum. To do this, Live Security Platinum will try to scare the computer user with a variety of fake error messages, pop-up alerts from the Taskbar and a convincing fake scan of the...

Posted on June 1, 2012 in Rogue Anti-Spyware Program

DNS Changer


DNS Changer is a Trojan that is designed to force a computer system to use rogue DNS servers. Also, DNS Changer is being referred to as the Internet Doomsday Virus, Ghost Click Malware, DNS Changer Rootkit, DNS Changer Malware, DNS Changer Trojan, DNS Changer Virus, FBI DNS Changer or DNSChanger. A DNS Changer infection will typically have two steps, in order to reroute the infected computer’s traffic to these malicious DNS servers: A DNS Changer malware infection will change the infected computer system’s settings, in order to replace the DNS servers to rogue DNS servers belonging to hackers or online criminals. The DNS Changer malware infection will then try to...

Posted on November 25, 2011 in Trojans


CoreBot is a new info stealer that may target both individual users and large companies. This malware is deployed to computers via a Trojan dropper that may get to the system via a bogus software update, malicious email attachment or other techniques that cyber crooks may often use to distribute their harmful software. Once CoreBot is deployed, it may inject its payload in several system folders and processes, therefore doing a fine job at disguising its activities. The CoreBot info stealer supports plugins that can be downloaded from the command & control server it communicates with. This means that the perpetrator of the attack may enhance CoreBot's functionality by attaching additional plugins to CoreBot's core module. Thanks to the communication channel established with a command & control server, the CoreBot info stealer can also update its main module, therefore reducing the...

Posted on September 1, 2015 in Trojans Pop-Ups is a suspicious domain name that may be associated with the unwanted activity of browser hijackers. Browser hijackers are small pieces of software that may be used to alter the way a web browser behaves. For example, they may force the web browser to redirect the user to a particular web page when it's started, or it may modify the user's default homepage and search engine. This small but important change may help the authors of a browser hijacker to transfer traffic to their website, therefore improving its popularity and search engine ranking. The domain doesn't host any specific content or web page. Instead, it is used merely as a hub that redirects users to other websites. If a browser hijacker is installed and forces your web browser to redirect you to, then the latter may transfer you to another web destination. A quick...

Posted on September 1, 2015 in Adware


DNS-Locker is an ad-supported application whose presence on your computer may be undesired to say the least. DNS-Locker is a relatively new piece of software, so we are yet to learn more about its purpose and abilities. However, what we know for sure is that one of the main qualities of this software is its ability to inject advertisements in the web browsers it detects on the user's computer. In short, as long as DNS-Locker is installed, you may see unwanted advertisements whenever you try to use your web browser. Being spammed with ads while browsing the web is certainly not the best way to browse the web, so many users might be looking for a solution to the DNS-Locker ads issue they may be experiencing if they installed this software. The DNS-Locker ads can be removed by eliminating their source – the DNS-Locker app. Doing this manually may prove to be a difficult task, so...

Posted on September 1, 2015 in Potentially Unwanted Programs


The MiniLite background service that you may notice in your Windows Task Manager is a modified version of the SupTab (also seen as XTab) program. MiniLite is distributed among PC users as a browser enhancer for users that favor simplicity and fast loading of their homepage. The MiniLite browser enhancer may claim to pre-load components of your homepage and improve your browser experience. However, the primary objective of the MiniLite program is to load ads in your browser first and load your homepage second. MiniLite may use web beacons, session cookies and record your recently entered search keywords to show you tailor-suited ads. The MiniLite browser enhancer is supported by advertisers that would use it to show marketing materials, and you may see banners, inline ads, pop-up windows and sponsored search results on Google. Also, the MiniLite app may show you full-page ads when you...

Posted on September 1, 2015 in Browser Hijackers

Maximum Maker

The Maximum Maker browser add-on is supposed to boost your potential to the max but does not say how it does it. You may want to know what security researcher have to say about the Maximum Maker add-on. The Maximum Maker add-on is classified as adware that will boost your potential to receive numerous advertisements from legitimate and not so legitimate sources. The Maximum Maker adware will push coupons, discounts, banners, special deals, limited time offers and shopping recommendations. The Maximum Maker adware may use pop-up and pop-under windows to welcome users to install software such as Mr. PC Cleaner and Shield Plus Cleaner Utility . The aforementioned programs provide only tools already present in modern versions of Windows and may slow down your PC and urge you to purchase a premium account to solve your registry problems. As stated above, the Maximum Maker adware may...

Posted on September 1, 2015 in Adware Pop-Ups

The pop-ups in your browser are not caused by a security application. On the contrary, an adware infection on your PC may try to convince you that your data and social media accounts are targeted, and you need to call a tech support desk for help. Security investigators note that the pop-ups by should not be trusted, and you don't need to call the listed number. The adware linked to may have entered your system along with a freeware bundle that most users handle with the 'Express' or 'Typical' option carelessly. It is important users to be aware of the fact that fake security pop-ups like those from may lead to security breaches, data loss, and financial fraud. Moreover, there are many cases where adware applications were used to promote rogue registry optimizers like Real Registry...

Posted on September 1, 2015 in Adware

Advanced Calendar

The Advanced Calendar program from MEIXIAN XIE is advertised to display more convenient calendar updates from Google and your system on your desktop. The layout of the Advanced Calendar is a transparent window in the bottom right corner of your desktop and can be operated from an icon in your tray area. At first look, the Advanced Calendar program may appear very useful but you may want to know that Advanced Calendar is supported by advertisers. They can use Advanced Calendar to inject advertisements in your browser, and you may see words made bold with links to sponsored content, pop-up windows, coupons, and discounts. Therefore, Advanced Calendar is deemed as a Potentially Unwanted Program (PUP) that may provide you with exciting calendar features but will load a number of ads in your Internet browser to earn affiliate revenue. The Advanced Calendar program may edit your Windows...

Posted on September 1, 2015 in Potentially Unwanted Programs Pop-Ups

The and domains should not be trusted because they are used to lead users to believe they are infected with PC threats. If you are presented with pop-up messages from and, then you are infected with adware that is being used by scammers to simulate notifications from your Windows Firewall. The pop-up windows from and are generated by and adware-powered application on your system that may have arrived incorporated with a free program installer from a suspicious software center. Adware applications often take the form of browser extensions named after popular online services to avoid raising suspicion, and you may want to check your extension manager for extensions that you did not install. The phone number 1-844-335-0525 listed on the...

Posted on September 1, 2015 in Adware Pop-Ups

The messages from that users may experience in their browser can be displayed by adware on your PC. The bolded domain name has the prefix 'newtest4pc' and is related to a browser hijacker using the domain. Security experts note that the adware linked to the domain uses JavaScript to bring up a message in your browser to urge you to update your Flash Player, and you should not trust it. The domain is not in any way related to the legitimate Adobe Flash Player software and is used by adware developers to invite users to install software like PlusTotal and iToolbox and earn affiliate revenue. You may want to know that the IP address of is related to that is not a safe domain and...

Posted on September 1, 2015 in Adware


The TrojanDownloader:AutoIt/Fadef malware is part of the AutoIt family of trojans that includes threats like Trojan.Win32.Autoit.aie , W32/AutoIt-JY , and Trojan:AutoIt/Kilim.A . TrojanDownloader:AutoIt/Fadef is written with the aim of aiding cyber criminals in delivering other malware to infected users. Computer infected with the TrojanDownloader:AutoIt/Fadef malware may be sluggish and exhibit system errors. Third parties that operate builds of the TrojanDownloader:AutoIt/Fadef malware could use it to install on your computer CryptoDefense and CrypVault ransomware and claim affiliate revenue. Another way to utilize the successful intrusion of the CrypVault malware is to use a keylogger like the GoldenKeylogger and the KeyBase Keylogger to steal your credentials for online banking portals and social networks. TrojanDownloader:AutoIt/Fadef is reported to place two files...

Posted on September 1, 2015 in Trojans


The SoftwareBundler:Win32/FakeDiX detection is used by security applications to notify users of a program installer that contains more than one program and may download other software without your consent. The SoftwareBundler:Win32/FakeDiX detection usually refers to an online installer that is not more than 5MB and may claim to install the latest version of the DirectX software. However, SoftwareBundler:Win32/FakeDiX will not download safe software and may install on your PC programs like SupTab and Orbitum . Additionally, the SoftwareBundler:Win32/FakeDiX program will place two DLL files named '_shfoldr' and 'idp' in your Temp folder to inject code into your browser. Keep in mind that SoftwareBundler:Win32/FakeDiX may connect to the Internet via insecure channels and change your default search engine to and that are associated with browser...

Posted on September 1, 2015 in Potentially Unwanted Programs


The ORX Locker software is a cloud-based software that is a ransomware building kit and is an example of the of the Ransomware-As-A-Service idea. Malware researchers point out that the simplicity and efficiency of the first RAAS building kit Tox revealed new possibilities for cryptomalware development and a new market may be forming before us. We should mention the Encryptor RAAS family of ransomware as it is the second generation software in this line of developing kits. The cryptomalware mentioned above has a common model of behavior namely allowing cyber criminals to mass produce and spread ransomware in exchange for a percentage of their earnings. The ORX locker makes another step further and employs advanced obfuscation techniques to evade security scans. A sample of ransomware made with ORX Locker reveals that it communicates with IP addresses belonging to trusted...

Posted on September 1, 2015 in Ransomware


LaSuperba is a web browser extension that may completely change the way your web browser behaves. Once LaSuperba is installed on a computer, it may inject numerous advertisements in the web browsers affected by its presence. The LaSuperba ads may show up on any web page you visit and having to close them constantly may significantly worsen your online experience. The LaSuperba advertising techniques are fairly aggressive, so this adware may cause you a lot of troubles and annoyances unless you remove it swiftly and efficiently. The LaSuperba adware may also use a tracking cookie to collect some information about your online habits like search queries, frequently visited websites, most used search engine and other information. The collected data may be used to improve LaSuperba's targeted advertising campaigns, which means that you may see LaSuperba ads that have been tailored...

Posted on August 31, 2015 in Adware


MovixHub is a dubious application that offers users the opportunity to stay up to date with the latest movies, trailers and news from the movie world. Avid movie lovers may be pleasantly surprised by the functionality of the MovixHub browser extension, but they may be disappointed to hear that by installing MovixHub they may experience some changes in the way their web browser behaves. For starters, the MovixHub browser extension may hijack the web client's configuration and manipulate its homepage and default search engine. Furthermore, the extension may inject MovixHub ads in the web browser, so that's another good reason you may want to think twice before accepting to install MovixHub. The MovixHub website offers users to install two of its official Chrome extensions – Search by MovixHub and MovixHub Start. Both of these serve similar purposes, and both of them may introduce...

Posted on August 31, 2015 in Adware

Advanced PC Care

Advanced PC Care is a potentially unwanted program that may be found useful by some users. The application is best described as a PC optimization tool that has the ability to scan, clean and optimize the Windows registry, modify Windows start-up items, control web browser extensions, and provide the user with access to several other neat features that may help them take better control over their system. Everything about Advanced PC Care would be great if it weren't for the questionable distribution and promotion techniques that its authors have adopted. The Advanced PC Care software may often be distributed via software bundles, so the significant fractions of this software's total installations may have occurred without the user's knowledge. Furthermore, once installed the Advanced PC Care software uses a trial version that includes a working scanner. However, the trial version is...

Posted on August 31, 2015 in Potentially Unwanted Programs
1 2 3 4 5 6 7 8 9 10 11 963