Top 10 der Malware Information Initiative (MII)

Total percentage of the top 10: 44.9 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G24.53 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Adware.OpenCandy.C is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Gen:Variant.Adware.Graftor.200035 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Gen:Variant.Adware.Graftor.197348 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Application.BrowseFox.R is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Script.Application.Plush.D5.58 % Top10 Chart
3Adware.BrowseFox.BU5.21 % Top10 Chart
4Win32.Adware.OpenCandy.C2.51 % Top10 Chart
5Gen:Variant.Adware.Graftor.2000351.29 % Top10 Chart
6Gen:Variant.Adware.Graftor.1973481.20 % Top10 Chart
7Win32.Adware.IObit.A1.17 % Top10 Chart
8Win32.Application.BrowseFox.R1.15 % Top10 Chart
9Win32.Adware.Browserfox.H1.13 % Top10 Chart
10Win32.Application.OpenCandy.G1.13 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 50.54 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G25.01 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Win32.Adware.OpenCandy.C is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Application.BrowseFox.R is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

2Adware.BrowseFox.BU7.88 % Top10 Chart
3Script.Application.Plush.D7.39 % Top10 Chart
4Win32.Adware.OpenCandy.C3.34 % Top10 Chart
5Win32.Application.BrowseFox.R1.49 % Top10 Chart
6Win32.Adware.IObit.A1.25 % Top10 Chart
7Win32.Application.OpenCandy.G1.09 % Top10 Chart
8Win32.Application.Dealply.H1.04 % Top10 Chart
9Gen:Variant.Adware.Graftor.1591341.03 % Top10 Chart
10Win32.Adware.Conduit.B1.02 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 50.98 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G21.36 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Adware.BrowseFox.CX is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Adware.RelevantKnowledge.B is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

2Adware.BrowseFox.BU7.23 % Top10 Chart
3Script.Application.Plush.D7.06 % Top10 Chart
4Win32.Application.Dealply.H4.46 % Top10 Chart
5Gen:Variant.Adware.Graftor.1730903.93 % Top10 Chart
6Adware.BrowseFox.CX2.15 % Top10 Chart
7Win32.Application.OpenCandy.G1.42 % Top10 Chart
8Gen:Variant.Adware.Graftor.1591341.17 % Top10 Chart
9Win32.Adware.IObit.A1.14 % Top10 Chart
10Adware.RelevantKnowledge.B1.06 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 45.72 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G18.05 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Its task is to manipulate search engine results in web browsers to lead users to click on the manipulated results and therefore generate money for the attackers (pay per click ads). These file was usually dropped in “%Windows%\Installer\{GUID}\U\”. It monitors Internet traffic and hijacks the browser session in case it encounters one of several predefined URLs.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Adware.RelevantKnowledge.B is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Adware.BrowseFox.BU8.95 % Top10 Chart
3Gen:Variant.Adware.Graftor.1730904.83 % Top10 Chart
4Script.Application.Plush.D4.65 % Top10 Chart
5Gen:Variant.Adware.Kazy.5667482.32 % Top10 Chart
6Adware.RelevantKnowledge.A1.57 % Top10 Chart
7Adware.RelevantKnowledge.B1.53 % Top10 Chart
8Gen:Variant.Adware.Graftor.1591341.44 % Top10 Chart
9Win32.Adware.IObit.A1.22 % Top10 Chart
10Win32.Application.OpenCandy.G1.16 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 43.9 %

RankNamePercentage Malware distribution by percentage within the top 10
1Adware.BrowseFox.BU14.21 % Top10 Chart

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Gen:Variant.Adware.Graftor.158883 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Application.OpenCandy.F is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Script.Adware.DealPly.G8.70 % Top10 Chart
3Gen:Variant.Adware.Graftor.1730906.34 % Top10 Chart
4Script.Application.Plush.D4.22 % Top10 Chart
5Gen:Variant.Adware.Graftor.1591342.61 % Top10 Chart
6Adware.RelevantKnowledge.A2.14 % Top10 Chart
7Win32.Adware.IObit.A1.57 % Top10 Chart
8Gen:Variant.Adware.Graftor.1588831.44 % Top10 Chart
9Win32.Application.OpenCandy.G1.42 % Top10 Chart
10Win32.Application.OpenCandy.F1.25 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 45.63 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G12.77 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Gen:Variant.Adware.Graftor.173090 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.SwiftBrowse.8 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Application.OpenCandy.F is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

2Adware.BrowseFox.BU9.89 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591344.06 % Top10 Chart
4Gen:Variant.Adware.Graftor.1730904.05 % Top10 Chart
5Script.Application.Plush.D3.82 % Top10 Chart
6Gen:Variant.Adware.SwiftBrowse.82.66 % Top10 Chart
7Adware.RelevantKnowledge.A2.65 % Top10 Chart
8Win32.Application.OpenCandy.G2.29 % Top10 Chart
9Win32.Adware.IObit.A2.07 % Top10 Chart
10Win32.Application.OpenCandy.F1.37 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 51.39 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.Graftor.15932018.79 % Top10 Chart

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Gen:Variant.Adware.SwiftBrowse.4 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Script.Adware.DealPly.G11.40 % Top10 Chart
3Script.Application.Plush.D4.57 % Top10 Chart
4Adware.RelevantKnowledge.A3.25 % Top10 Chart
5Win32.Adware.Browserfox.H3.16 % Top10 Chart
6Gen:Variant.Adware.Graftor.1591342.28 % Top10 Chart
7Gen:Variant.Adware.SwiftBrowse.42.08 % Top10 Chart
8Win32.Application.OpenCandy.G2.08 % Top10 Chart
9Win32.Adware.IObit.A2.05 % Top10 Chart
10Script.Adware.VisAdd.A1.73 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 57.0 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Adware.Graftor.15932029.38 % Top10 Chart

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Gen:Variant.Adware.SwiftBrowse.4 is the detection for a potentially unwanted program (PUP). This application injects JavaScript into the browser in order to show ads, banners, coupons, inline text, comparison shopping… This application can have several names such as WebGet, BetterBrowse, EnhanceTonic, etc. We detected more than 80 different file name variations.

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Script.Adware.DealPly.G11.99 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591343.31 % Top10 Chart
4Adware.RelevantKnowledge.A2.57 % Top10 Chart
5Win32.Adware.IObit.A2.38 % Top10 Chart
6Script.Application.Plush.D1.94 % Top10 Chart
7Gen:Variant.Adware.SwiftBrowse.41.58 % Top10 Chart
8Win32.Adware.Browserfox.H1.52 % Top10 Chart
9Win32.Application.OpenCandy.G1.23 % Top10 Chart
10Script.Adware.VisAdd.A1.10 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 60.49 %

RankNamePercentage Malware distribution by percentage within the top 10
1Win32.Adware.Browserfox.H19.83 % Top10 Chart

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

Win32.Adware.Mindspark.C is a toolbar developed by the company called Mindspark Interactive Network located in USA. The toolbar displays pop-up advertisements onto the user's screen.
This Potential Unwanted Program is generally embedded as an extra into legitimate software and, most often, its installation is not properly communicated to the user.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Adware.VisAdd.A is an adware bundled with legitimate software and it is installed on the system without the user's permission. The purpose of this PUP is to generate money for the author by showing advertisements, thanks to popups or hypertext links. This adware targets Microsoft’s Internet Explorer and Google Chrome.

2Gen:Variant.Adware.Graftor.15932016.07 % Top10 Chart
3Script.Adware.DealPly.G10.78 % Top10 Chart
4Gen:Variant.Adware.Graftor.1591345.03 % Top10 Chart
5Win32.Adware.IObit.A2.30 % Top10 Chart
6Script.Application.Plush.D1.73 % Top10 Chart
7Adware.RelevantKnowledge.A1.66 % Top10 Chart
8Win32.Adware.Mindspark.C1.19 % Top10 Chart
9Win32.Adware.Conduit.B0.95 % Top10 Chart
10Script.Adware.VisAdd.A0.95 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 65.19 %

RankNamePercentage Malware distribution by percentage within the top 10
1Win32.Adware.Browserfox.H28.88 % Top10 Chart

Win32.Adware.Browserfox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.BrowseFox.H is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Gen:Variant.Adware.Graftor.159134 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

This detection belongs to the category of potentially unwanted programs (PUP). It describes a variety of software (e.g. Zoomex, wxDfast, conTinuEtosave, etc.) which is starts as process after the installation and/or functions as browser plugin/BHO. This software comes with potentially unwanted functions, such as e.g. links to unknown websites within the folder “C:\Documents and Settings\All Users\Start Menu\Programs\{ApplicationName}”. The Software is often part of software packages that users load from thrid party websites and not directly from the original provider.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Gen:Variant.Adware.Graftor.159320 is the detection of potentially unwanted programs (PUP) which changes the browser's settings to generate monetary profit for the attackers. They change the browser's start page as well as the custom set search engine. Furthermore, they display additional ad banners and pop-ups within the browser. The software blocks the browser, so the user can hardly reset the settings the PUP made.
The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

Win32.Adware.Mindspark.C is a toolbar developed by the company called Mindspark Interactive Network located in USA. The toolbar displays pop-up advertisements onto the user's screen.
This Potential Unwanted Program is generally embedded as an extra into legitimate software and, most often, its installation is not properly communicated to the user.

2Adware.BrowseFox.H13.47 % Top10 Chart
3Gen:Variant.Adware.Graftor.1591347.47 % Top10 Chart
4Adware.Mplug.AF4.36 % Top10 Chart
5Script.Adware.DealPly.G3.27 % Top10 Chart
6Gen:Variant.Adware.Graftor.1593202.46 % Top10 Chart
7Script.Application.Plush.D2.07 % Top10 Chart
8Adware.RelevantKnowledge.A1.23 % Top10 Chart
9Win32.Adware.Conduit.B1.01 % Top10 Chart
10Win32.Adware.Mindspark.C0.97 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.