Top 10 der Malware Information Initiative (MII)

Total percentage of the top 10: 43.9 %

RankNamePercentage Malware distribution by percentage within the top 10
1Adware.BrowseFox.BU14.21 % Top10 Chart

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Gen:Variant.Adware.Graftor.158883 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Application.OpenCandy.F is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Script.Adware.DealPly.G8.70 % Top10 Chart
3Gen:Variant.Adware.Graftor.1730906.34 % Top10 Chart
4Script.Application.Plush.D4.22 % Top10 Chart
5Gen:Variant.Adware.Graftor.1591342.61 % Top10 Chart
6Adware.RelevantKnowledge.A2.14 % Top10 Chart
7Win32.Adware.IObit.A1.57 % Top10 Chart
8Gen:Variant.Adware.Graftor.1588831.44 % Top10 Chart
9Win32.Application.OpenCandy.G1.42 % Top10 Chart
10Win32.Application.OpenCandy.F1.25 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 45.63 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G12.77 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.SwiftBrowse.8 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Application.OpenCandy.F is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Adware.BrowseFox.BU9.89 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591344.06 % Top10 Chart
4Gen:Variant.Adware.Graftor.1730904.05 % Top10 Chart
5Script.Application.Plush.D3.82 % Top10 Chart
6Gen:Variant.Adware.SwiftBrowse.82.66 % Top10 Chart
7Adware.RelevantKnowledge.A2.65 % Top10 Chart
8Win32.Application.OpenCandy.G2.29 % Top10 Chart
9Win32.Adware.IObit.A2.07 % Top10 Chart
10Win32.Application.OpenCandy.F1.37 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 51.39 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.Graftor.15932018.79 % Top10 Chart

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Gen:Variant.Adware.SwiftBrowse.4 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Script.Adware.DealPly.G11.40 % Top10 Chart
3Script.Application.Plush.D4.57 % Top10 Chart
4Adware.RelevantKnowledge.A3.25 % Top10 Chart
5Win32.Adware.Browserfox.H3.16 % Top10 Chart
6Gen:Variant.Adware.Graftor.1591342.28 % Top10 Chart
7Gen:Variant.Adware.SwiftBrowse.42.08 % Top10 Chart
8Win32.Application.OpenCandy.G2.08 % Top10 Chart
9Win32.Adware.IObit.A2.05 % Top10 Chart
10Script.Adware.VisAdd.A1.73 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 57.0 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.Graftor.15932029.38 % Top10 Chart

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.SwiftBrowse.4 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Script.Adware.DealPly.G11.99 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591343.31 % Top10 Chart
4Adware.RelevantKnowledge.A2.57 % Top10 Chart
5Win32.Adware.IObit.A2.38 % Top10 Chart
6Script.Application.Plush.D1.94 % Top10 Chart
7Gen:Variant.Adware.SwiftBrowse.41.58 % Top10 Chart
8Win32.Adware.Browserfox.H1.52 % Top10 Chart
9Win32.Application.OpenCandy.G1.23 % Top10 Chart
10Script.Adware.VisAdd.A1.10 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 60.49 %

RankNamePercentage Malware distribution by percentage within the top 10
1Win32.Adware.Browserfox.H19.83 % Top10 Chart

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.Mindspark.C is a toolbar developed by the company called Mindspark Interactive Network located in USA. The toolbar displays pop-up advertisements onto the user's screen.
This Potential Unwanted Program is generally embedded as an extra into legitimate software and, most often, its installation is not properly communicated to the user.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Gen:Variant.Adware.Graftor.15932016.07 % Top10 Chart
3Script.Adware.DealPly.G10.78 % Top10 Chart
4Gen:Variant.Adware.Graftor.1591345.03 % Top10 Chart
5Win32.Adware.IObit.A2.30 % Top10 Chart
6Script.Application.Plush.D1.73 % Top10 Chart
7Adware.RelevantKnowledge.A1.66 % Top10 Chart
8Win32.Adware.Mindspark.C1.19 % Top10 Chart
9Win32.Adware.Conduit.B0.95 % Top10 Chart
10Script.Adware.VisAdd.A0.95 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 65.19 %

RankNamePercentage Malware distribution by percentage within the top 10
1Win32.Adware.Browserfox.H28.88 % Top10 Chart

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.BrowseFox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes a variety of software (e.g. Zoomex, wxDfast, conTinuEtosave, etc.) which is starts as process after the installation and/or functions as browser plugin/BHO. This software comes with potentially unwanted functions, such as e.g. links to unknown websites within the folder “C:\Documents and Settings\All Users\Start Menu\Programs\{ApplicationName}”. The Software is often part of software packages that users load from thrid party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.Mindspark.C is a toolbar developed by the company called Mindspark Interactive Network located in USA. The toolbar displays pop-up advertisements onto the user's screen.
This Potential Unwanted Program is generally embedded as an extra into legitimate software and, most often, its installation is not properly communicated to the user.

2Adware.BrowseFox.H13.47 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591347.47 % Top10 Chart
4Adware.Mplug.AF4.36 % Top10 Chart
5Script.Adware.DealPly.G3.27 % Top10 Chart
6Gen:Variant.Adware.Graftor.1593202.46 % Top10 Chart
7Script.Application.Plush.D2.07 % Top10 Chart
8Adware.RelevantKnowledge.A1.23 % Top10 Chart
9Win32.Adware.Conduit.B1.01 % Top10 Chart
10Win32.Adware.Mindspark.C0.97 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 64.31 %

RankNamePercentage Malware distribution by percentage within the top 10
1Adware.Mplug.AF35.72 % Top10 Chart

This detection belongs to the category of potentially unwanted programs (PUP). It describes a variety of software (e.g. Zoomex, wxDfast, conTinuEtosave, etc.) which is starts as process after the installation and/or functions as browser plugin/BHO. This software comes with potentially unwanted functions, such as e.g. links to unknown websites within the folder “C:\Documents and Settings\All Users\Start Menu\Programs\{ApplicationName}”. The Software is often part of software packages that users load from thrid party websites and not directly from the original provider.

Adware.BrowseFox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.SwiftBrowse.1 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.RelevantKnowledge.1 is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.Softonic.A is a potentially unwanted program (PUP). The adware targets browsers, such as Microsoft Internet Explorer, Google Chrome or Mozilla Firefox.
The symptom of an infection is the modification of the browser’s homepage, its default search engine and/or popups with advertisements. Softonic is the name of the company behind this application.

Win32.Application.Softpulse.F is a browser plugin for Microsoft’s Internet Explorer (BHO), Mozilla’s Firefox and Google’s Chrome. The infected browser displays unwanted advertisements, sponsored banners, in-text links, etc.
Furthermore, the security parameters of the browser are modified in order to allow cross site scripting, which poses a great risk for infected users. The application is developed by a company called Softpulse. The PUP is generally signed by a certificate owned by this company.

Win32.Application.OCSClient.C is a software monetization component. It is responsible for making various adware/PUP installation offers during the "installation" of a legitimate application a user actually wanted to install. It is used in the Chip-downloader from the Chip.de website.

Win32.Adware.OpenCandy.C is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Application.Iminent.E is a Potentially Unwanted Program (PUP). The program is used to display advertisements and spy on the user. This program collects data about the user and forwards this information to the owner of the software. The program is furthermore able to modify the behavior of the browser and to redirect the user from a legitimate website to an unwanted one. The home page and the default search engine are modified, too, in order to generate revenue for the owner of this application.

2Adware.BrowseFox.H13.01 % Top10 Chart
3Gen:Variant.Adware.SwiftBrowse.17.96 % Top10 Chart
4Script.Application.Plush.D2.66 % Top10 Chart
5Gen:Variant.Adware.RelevantKnowledge.11.72 % Top10 Chart
6Win32.Adware.Softonic.A0.83 % Top10 Chart
7Win32.Application.Softpulse.F0.69 % Top10 Chart
8Win32.Application.OCSClient.C0.66 % Top10 Chart
9Win32.Adware.OpenCandy.C0.53 % Top10 Chart
10Win32.Application.Iminent.E0.53 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 76.48 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.SwiftBrowse.169.01 % Top10 Chart

Gen:Variant.Adware.SwiftBrowse.1 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.Graftor.125313 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.JSLoadBrowserAddon.A is a JavaScript payload of malicious browser’s extensions. These extensions are available for browsers such as Google Chrome and Firefox. The purpose of these extensions is the injection of JavaScript into the current session of the user to show ads, banner and similar website modifications.

Gen:Variant.Adware.RelevantKnowledge.1 is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

NSIS.Adware.Crossrider.E is a potentially unwanted program (PUP). This application targets the user's browser (Microsoft Internet Explorer, Google Chrome or Mozilla Firefox). The program modifies the configuration of the browser, for example the home page or the default search engine. Furthermore, it installs additional extensions into the browser to spy on the user’s activities or it opens targeted advertisements.

Adware.BrowseFox.D is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Linkury.B is a browser extension for Internet Explorer, Firefox and Chrome. The extension is designed to shows ads, banners, coupons, inline text, comparison shopping…. Furthermore, the extension modifies the browser settings, such as changing the home page or default search engine.

This detection belongs to the category of potentially unwanted programs (PUP). It is a browser's toolbar called "Linkury SmartBar". This application collects information from the user in order to show targeted ads to him.

2Script.Application.Plush.D2.63 % Top10 Chart
3Gen:Variant.Adware.Graftor.1253131.29 % Top10 Chart
4Win32.Adware.Conduit.B0.95 % Top10 Chart
5Script.Application.JSLoadBrowserAddon.A0.58 % Top10 Chart
6Gen:Variant.Adware.RelevantKnowledge.10.49 % Top10 Chart
7NSIS.Adware.Crossrider.E0.44 % Top10 Chart
8Adware.BrowseFox.D0.43 % Top10 Chart
9Adware.Linkury.B0.34 % Top10 Chart
10Win32.Application.Linkury.A0.32 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 83.25 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.SwiftBrowse.155.86 % Top10 Chart

Gen:Variant.Adware.SwiftBrowse.1 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Adware.BrowseFox.D is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Script.Application.JSLoadBrowserAddon.A is a JavaScript payload of malicious browser’s extensions. These extensions are available for browsers such as Google Chrome and Firefox. The purpose of these extensions is the injection of JavaScript into the current session of the user to show ads, banner and similar website modifications.

Gen:Variant.Adware.Graftor.125313 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

Win32.Application.Searchsuite.D is a detection for an ad-supported toolbar. This potentially unwanted program (PUP) is a browser plugin for Microsoft Internet Explorer (BHO), Mozilla Firefox and Google Chrome. This PUP modifies the browser configuration, such as the home page and the default search engine. The toolbar is used to generate profit for the attackers by displaying ads or sponsored links within the infected browser.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

This detection belongs to the category of potentially unwanted programs (PUP). It is a browser's toolbar called "Linkury SmartBar". This application collects information from the user in order to show targeted ads to him.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

Adware.Linkury.B is a browser extension for Internet Explorer, Firefox and Chrome. The extension is designed to shows ads, banners, coupons, inline text, comparison shopping…. Furthermore, the extension modifies the browser settings, such as changing the home page or default search engine.

2Adware.BrowseFox.D21.64 % Top10 Chart
3Script.Application.JSLoadBrowserAddon.A2.27 % Top10 Chart
4Gen:Variant.Adware.Graftor.1253130.80 % Top10 Chart
5Adware.SwiftBrowse.P0.76 % Top10 Chart
6Win32.Application.Searchsuite.D0.47 % Top10 Chart
7Adware.SwiftBrowse.AD0.42 % Top10 Chart
8Win32.Application.Linkury.A0.42 % Top10 Chart
9Adware.SwiftBrowse.AM0.33 % Top10 Chart
10Adware.Linkury.B0.28 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 88.11 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.SwiftBrowse.178.86 % Top10 Chart

Gen:Variant.Adware.SwiftBrowse.1 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

This detection belongs to the category of potentially unwanted programs (PUP). It is a browser's toolbar called "Linkury SmartBar". This application collects information from the user in order to show targeted ads to him.

Adware.Relevant.CC is the detection of software named „Relevant Knowledge“. It analyses the user’s computer usage activity, which may include monitoring the web surfing activities or data filled into web forms. The software also may present the user with surveys, occasionally. The software is often unknowingly installed as part of a software bundle. This software is declared as potentially unwanted.

Script.Application.JSLoadBrowserAddon.A is a JavaScript payload of malicious browser’s extensions. These extensions are available for browsers such as Google Chrome and Firefox. The purpose of these extensions is the injection of JavaScript into the current session of the user to show ads, banner and similar website modifications.

Adware.Linkury.B is a browser extension for Internet Explorer, Firefox and Chrome. The extension is designed to shows ads, banners, coupons, inline text, comparison shopping…. Furthermore, the extension modifies the browser settings, such as changing the home page or default search engine.

Gen:Variant.Adware.Graftor.125313 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

2Adware.SwiftBrowse.P3.75 % Top10 Chart
3Script.Application.Plush.D1.74 % Top10 Chart
4Win32.Application.Linkury.A0.82 % Top10 Chart
5Adware.Relevant.CC0.76 % Top10 Chart
6Script.Application.JSLoadBrowserAddon.A0.62 % Top10 Chart
7Adware.Linkury.B0.44 % Top10 Chart
8Gen:Variant.Adware.Graftor.1253130.43 % Top10 Chart
9Adware.SwiftBrowse.AD0.38 % Top10 Chart
10Adware.SwiftBrowse.V0.31 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 76.68 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.SwiftBrowse.145.76 % Top10 Chart

Gen:Variant.Adware.SwiftBrowse.1 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

This detection belongs to the category of potentially unwanted programs (PUP). It is a browser's toolbar called "Linkury SmartBar". This application collects information from the user in order to show targeted ads to him.

Adware.Relevant.CC is the detection of software named „Relevant Knowledge“. It analyses the user’s computer usage activity, which may include monitoring the web surfing activities or data filled into web forms. The software also may present the user with surveys, occasionally. The software is often unknowingly installed as part of a software bundle. This software is declared as potentially unwanted.

Script.Application.JSLoadBrowserAddon.A is a JavaScript payload of malicious browser’s extensions. These extensions are available for browsers such as Google Chrome and Firefox. The purpose of these extensions is the injection of JavaScript into the current session of the user to show ads, banner and similar website modifications.

This detection belongs to the category of potentially unwanted programs (PUP). This application injects JavaScript in the browser in order to shows ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different names.

Script.Application.ResultsAlpha.D is a JavaScript, used to display the ad pop-ups after the computer has been infected with Win32.Application.ResultsAlpha.B.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes the alleged system helper RegClean Pro which is considered to be scareware. The Software is often part of software packages that users load from third party websites and not directly from the original provider.
RegClean Pro allegedly performs system scans and displays the results, several critical errors, to the user who then needs to buy the software to repair the imaginary errors. We do not recommend the usage or purchase of this software. Further information can be found in our G Data SecurityBlog: http://goo.gl/UafSeQ

2Adware.SwiftBrowse.B14.85 % Top10 Chart
3Script.Application.Plush.D3.88 % Top10 Chart
4Win32.Application.Linkury.A3.01 % Top10 Chart
5Adware.Relevant.CC2.46 % Top10 Chart
6Script.Application.JSLoadBrowserAddon.A2.27 % Top10 Chart
7Adware.SwiftBrowse.P1.78 % Top10 Chart
8Script.Application.ResultsAlpha.D1.60 % Top10 Chart
9Win32.Application.SearchProtect.V0.57 % Top10 Chart
10Win32.Application.RegCleanPro.A0.50 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.