Malware Information Initiative (MII): Top 10

Total percentage of the top 10: 21.33 %

RankNamePercentage Malware distribution by percentage within the top 10
1Win32.Application.OpenCandy.G3.50 % Top10 Chart

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Script.Application.InstallCore.HL is the signature name of a installCore bundle adware installer that uses "Inno Setup". They are distributed by various third parties. They usually pretend to offer a legitimate installer for popular software, media or cracks.
But, the primary objective is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.Agent.I7PJG3 is the detection or a downloader that does not only download legitimate software but also adds potentially unwanted programs (PUP).
The goal: the potentially unwanted extras should also be installed on the affected computer, in most cases without proper user consent. Its main purpose is to generate revenue by displaying advertisements and more.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Adware.RelevantKnowledge.A is a potentially unwanted program (PUP). The purpose of this application is to analyse the user's browser activity and send data to the persons behind this PUP. Then, these persons are able to sell the data to third parties. Usually, RelevantKnowledge comes packed with legitimate programs, which are often downloaded from third party sites instead of the original publisher’s site. This program adds an icon to the infected computer’s task bar.

2Script.Application.InstallCore.HL3.06 % Top10 Chart
3Script.Adware.DealPly.G2.88 % Top10 Chart
4Win32.Application.Agent.I7PJG32.27 % Top10 Chart
5Gen:Adware.BrowseFox.12.11 % Top10 Chart
6Gen:Variant.Graftor.97182.06 % Top10 Chart
7Gen:Variant.Application.Bundler.DownloadGuide.241.68 % Top10 Chart
8Gen:Variant.Application.Bundler.DownloadGuide.111.60 % Top10 Chart
9Win32.Adware.IObit.A1.17 % Top10 Chart
10Adware.RelevantKnowledge.A1.00 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 22.59 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Application.Bundler.DownloadGuide.114.43 % Top10 Chart

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

Script.Application.InstallCore.HL is the signature name of a installCore bundle adware installer that uses "Inno Setup". They are distributed by various third parties. They usually pretend to offer a legitimate installer for popular software, media or cracks.
But, the primary objective is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Script.Application.InstallCore.FE is the detection name for bundle installers distributed by various third parties. They usually pretend to offer a legitimate installer for popular software, media or cracks.
The primary objective is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

Win32.Application.Agent.I7PJG3 is the detection or a downloader that does not only download legitimate software but also adds potentially unwanted programs (PUP).
The goal: the potentially unwanted extras should also be installed on the affected computer, in most cases without proper user consent. Its main purpose is to generate revenue by displaying advertisements and more.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

2Script.Adware.DealPly.G3.55 % Top10 Chart
3Win32.Application.OpenCandy.G3.07 % Top10 Chart
4Gen:Variant.Graftor.97182.41 % Top10 Chart
5Script.Application.InstallCore.HL2.22 % Top10 Chart
6Gen:Adware.BrowseFox.11.95 % Top10 Chart
7Script.Application.InstallCore.FE1.51 % Top10 Chart
8Win32.Application.Agent.I7PJG31.40 % Top10 Chart
9Win32.Adware.IObit.A1.04 % Top10 Chart
10Win32.Application.OpenCandy.O1.01 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 23.87 %

RankNamePercentage Malware distribution by percentage within the top 10
1Gen:Variant.Application.Bundler.DownloadGuide.115.20 % Top10 Chart

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

Script.Application.InstallCore.FE is the detection name for bundle installers distributed by various third parties. They usually pretend to offer a legitimate installer for popular software, media or cracks.
The primary objective is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

This detection belongs to the category of potentially unwanted programs (PUP). It describes alleged system helpers, named BrowserProtect, BrowserProtector, Search Protect, BrowserDefender, BrowserManager or similar, which often come bundled with potentially unwanted extras. In many cases, the third party software packet providers earn money for each install (pay per install). The toolbars, signed by Conduit, change the browser start page and the default search engine permanently and also prepare the browser to show targeted ads. The Software is often part of software packages that users load from third party websites and not directly from the original provider.

NSIS.Application.OpenCandy.B is the detection for a potentially unwanted program (PUP) going by the name of OpenCandy. In this case, it comes bundled with an installer for ImgBurn, a software to burn CDs and DVDs.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine. The purpose of the modification: generate revenue by displaying advertisements.

2Script.Adware.DealPly.G4.72 % Top10 Chart
3Win32.Application.OpenCandy.G3.10 % Top10 Chart
4Gen:Adware.BrowseFox.12.43 % Top10 Chart
5Gen:Variant.Graftor.97182.29 % Top10 Chart
6Script.Application.InstallCore.FE2.02 % Top10 Chart
7Win32.Application.OpenCandy.O1.36 % Top10 Chart
8Win32.Adware.IObit.A1.11 % Top10 Chart
9Win32.Adware.Conduit.B0.90 % Top10 Chart
10NSIS.Application.OpenCandy.B0.74 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 22.52 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G4.93 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Script.Application.InstallCore.FE is the detection name for bundle installers distributed by various third parties. They usually pretend to offer a legitimate installer for popular software, media or cracks.
The primary objective is to deliver bundled adware/PUP without proper user consent. The bundled software depends on the current campaigns and can range from real security software to fake security software.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Adware.Searchprotect.AT is the detection of a pre-installed version of Conduit Search Protect on Lenovo computers. Conduit Search Protect belongs to the category of potentially unwanted programs (PUP).
The user is allowed to change this variant's settings, but he is initially made to use the pre-settings the distributor wishes him to use.

NSIS.Application.OpenCandy.B is the detection for a potentially unwanted program (PUP) going by the name of OpenCandy. In this case, it comes bundled with an installer for ImgBurn, a software to burn CDs and DVDs.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine. The purpose of the modification: generate revenue by displaying advertisements.

2Gen:Variant.Application.Bundler.DownloadGuide.114.28 % Top10 Chart
3Win32.Application.OpenCandy.G3.00 % Top10 Chart
4Gen:Adware.BrowseFox.12.55 % Top10 Chart
5Script.Application.InstallCore.FE1.82 % Top10 Chart
6Gen:Variant.Graftor.97181.45 % Top10 Chart
7Win32.Application.OpenCandy.O1.38 % Top10 Chart
8Win32.Adware.IObit.A1.32 % Top10 Chart
9Adware.Searchprotect.AT0.95 % Top10 Chart
10NSIS.Application.OpenCandy.B0.84 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 21.66 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G5.37 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Adware.Searchprotect.AT is the detection of a pre-installed version of Conduit Search Protect on Lenovo computers. Conduit Search Protect belongs to the category of potentially unwanted programs (PUP).
The user is allowed to change this variant's settings, but he is initially made to use the pre-settings the distributor wishes him to use.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

NSIS.Application.OpenCandy.B is the detection for a potentially unwanted program (PUP) going by the name of OpenCandy. In this case, it comes bundled with an installer for ImgBurn, a software to burn CDs and DVDs.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine. The purpose of the modification: generate revenue by displaying advertisements.

2Win32.Application.OpenCandy.G3.07 % Top10 Chart
3Gen:Adware.BrowseFox.13.04 % Top10 Chart
4Gen:Variant.Application.Bundler.DownloadGuide.112.92 % Top10 Chart
5Win32.Application.OpenCandy.O1.57 % Top10 Chart
6Gen:Variant.Graftor.97181.55 % Top10 Chart
7Win32.Adware.IObit.A1.26 % Top10 Chart
8Adware.Searchprotect.AT1.06 % Top10 Chart
9Adware.BrowseFox.BU0.93 % Top10 Chart
10NSIS.Application.OpenCandy.B0.89 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 23.18 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G6.22 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

The detection Win32.Application.ThunderN.A shows that a potentially unwanted program (PUP) has been identified on the computer or is about to be installed. ThunderN stands for the company name ShenZhen Thunder Networking Technologies Ltd., which distributes a number of programs with potentially unwanted additions. The use of opt-out practices, installation of browser add-ons and the change of the browser's start page are only a few reasons that classify the respective software as PUP.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

This detections stands for a part of a backdoor which is supposed to ensure attackers' long-term access to an infected system. The malware disables the Microsoft-Windows-LUA function. This means that it can download further components and execute them with elevated privileges without any notification to the user. Furthermore, it adds itself as a service to the system and creates a respective auto start entry to remain persistent in the system, e.g. to survive a reboot. The malware disguises as popular program, e.g. using an iTunes icon, or as Windows system file.

2Win32.Application.OpenCandy.G3.28 % Top10 Chart
3Gen:Adware.BrowseFox.13.27 % Top10 Chart
4Gen:Variant.Application.Bundler.DownloadGuide.112.44 % Top10 Chart
5Win32.Application.OpenCandy.O1.67 % Top10 Chart
6Adware.BrowseFox.BU1.45 % Top10 Chart
7Adware.Agent.PJT1.28 % Top10 Chart
8Win32.Application.ThunderN.A1.28 % Top10 Chart
9Win32.Adware.IObit.A1.20 % Top10 Chart
10Gen:Variant.Graftor.97181.09 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 25.37 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G8.84 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Malware.Redirector.AA is code that attackers install on e.g. hacked webservers. They embed this code into websites lying on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content., e.g. exploits. The URLs the visitor is redirected to are obfuscated.

The detection Win32.Application.ThunderN.A shows that a potentially unwanted program (PUP) has been identified on the computer or is about to be installed. ThunderN stands for the company name ShenZhen Thunder Networking Technologies Ltd., which distributes a number of programs with potentially unwanted additions. The use of opt-out practices, installation of browser add-ons and the change of the browser's start page are only a few reasons that classify the respective software as PUP.

This detection is shown for an installer of the company Freemium GmbH. The company offers bundling of software with additional products. The resulting installer does not only bring the software initially desired but also potentially unwanted programs as an addition.

2Gen:Adware.BrowseFox.13.14 % Top10 Chart
3Win32.Application.OpenCandy.G3.08 % Top10 Chart
4Adware.BrowseFox.BU1.91 % Top10 Chart
5Adware.Agent.PJT1.73 % Top10 Chart
6Win32.Application.OpenCandy.O1.53 % Top10 Chart
7Win32.Adware.IObit.A1.38 % Top10 Chart
8Script.Malware.Redirector.AA1.38 % Top10 Chart
9Win32.Application.ThunderN.A1.28 % Top10 Chart
10Gen:Variant.Application.Bundler.DownloadGuide.111.10 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 28.01 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G10.90 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

NSIS.Application.OpenCandy.B is the detection for a potentially unwanted program (PUP) going by the name of OpenCandy. In this case, it comes bundled with an installer for ImgBurn, a software to burn CDs and DVDs.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine. The purpose of the modification: generate revenue by displaying advertisements.

Script.Malware.Redirector.AA is code that attackers install on e.g. hacked webservers. They embed this code into websites lying on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content., e.g. exploits. The URLs the visitor is redirected to are obfuscated.

In case the scanner detects something as Win32.Adware.StartpageLnk.A@gen, a potentially unwanted program (PUP) has changed the start page parameters of Google's Chrome, Mozilla's Firefox and/or Microsoft's Internet Explorer. The changes have not (only) been made within the browser but within the browser's Windows shortcut. Shortcuts to programs are usually created on the Desktop, e.g. to open a new browser window. A click onto such a manipulated shortcut then opens a website as start page which the PUP inserted and not the start page the user usually wishes to see. Opening the PUP's start page generates profit for the evildoers.

2Win32.Application.OpenCandy.G3.37 % Top10 Chart
3Gen:Adware.BrowseFox.13.01 % Top10 Chart
4Adware.BrowseFox.BU2.38 % Top10 Chart
5Adware.Agent.PJT2.23 % Top10 Chart
6Win32.Adware.IObit.A1.72 % Top10 Chart
7Win32.Application.OpenCandy.O1.47 % Top10 Chart
8NSIS.Application.OpenCandy.B0.98 % Top10 Chart
9Script.Malware.Redirector.AA0.98 % Top10 Chart
10Win32.Adware.StartpageLnk.A@gen0.97 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 32.94 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G15.21 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises the user to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it will show ads in various forms.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Script.Spyware.Skrum.A is an add-on for Mozilla's Firefox browser. It gets installed without the user's permission. It sends reports about other add-ons installed in Firefox to the outside; therefore spies on the user.

Script.Malware.Redirector.AA is code that attackers install on e.g. hacked webservers. They embed this code into websites lying on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content., e.g. exploits. The URLs the visitor is redirected to are obfuscated.

2Win32.Application.OpenCandy.G3.11 % Top10 Chart
3Gen:Adware.BrowseFox.12.66 % Top10 Chart
4Win32.Adware.IObit.A2.35 % Top10 Chart
5Script.Application.Plush.D2.33 % Top10 Chart
6Adware.BrowseFox.BU2.01 % Top10 Chart
7Adware.Agent.PJT1.86 % Top10 Chart
8Win32.Application.OpenCandy.O1.44 % Top10 Chart
9Script.Spyware.Skrum.A1.08 % Top10 Chart
10Script.Malware.Redirector.AA0.89 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.

Total percentage of the top 10: 37.47 %

RankNamePercentage Malware distribution by percentage within the top 10
1Script.Adware.DealPly.G19.45 % Top10 Chart

The malware family DealPly belongs to the category Adware. This tool is often bundled with some third-party installation program and thereby possibly unintentionally installed by the user (Potentially Unwanted Program = PUP). The tool installs itself as browser helper object (BHO)/extension/add-on to the popular browsers if any of these is installed. DealPly monitors browsed pages for displaying advertisements of deals for various products and businesses, like discount coupons, on every page the user visits.

Win32.Application.OpenCandy.G is a Potentially Unwanted Program (PUP). It is installed alongside various legitimate freeware like DVD player, PDF reader, archiver and more, which have been bundled with the unwanted extra. The software detected as Win32.Application.OpenCandy.G is developed by SweetLabs, a company based in San Diego, USA. This PUP modifies the browser’s behavior, by changing its home page and search engine settings, it redirects the user to potentially unwanted websites and also displays pop-ups. The purpose of the modification: generate revenue by displaying advertisements.

Script.Application.Plush.D is a JavaScript used by Gen:Adware.Plush.1. It injects ad banners and pop-ups with ads into the browser.
As one example, we have seen it disguised in an application which promises the user to automatically switch the quality of all videos viewed on popular online platforms to HD. Instead, it will show ads in various forms.

BrowseFox is an adware family which disguises in many different programs, such as SwiftBrowse, MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …
Those programs are usually installed without proper user consent, via third party installers. It installs add-ons to Microsoft's Internet Explorer, Mozilla Firefox and Google Chrome but also installs a local proxy, a driver and a service. BrowseFox and its variants also change the browser's start page and search engine. Advertisements are injected into websites the user visits but also on the start page as well as in pop-ups.

Adware.BrowseFox.BU is the detection of a potentially unwanted program (PUP). It installs plug-ins into Microsoft's Internet Explorer and Google's Chrome, which changes the browsers' settings to generate profit for the attackers. The plug-ins change the start page and the default search engine as well as the browsers' security settings to prepare the browser for the following actions: During the browser use, JavaScripts are injected into the visited websites, to show advertisements.

Script.Spyware.Skrum.A is an add-on for Mozilla's Firefox browser. It gets installed without the user's permission. It sends reports about other add-ons installed in Firefox to the outside; therefore spies on the user.

Adware.Agent.PJT is the detection of a potentially unwanted program (PUP), especially browser add-ons. They are brought onto the machines via e.g. installers like Opencandy, Installcore or similar packages. The software changes the browser's start page as well as the user's default search engine and also the browser's security settings. This ensures the possibility to inject ads into the visited websites. Futhermore, services and drivers are installed to ensure control of the network traffic and remain on the PC (persistence).
Some examples of such software: MarketResearchHelper, SmarterPower, CommonShare, MegaBrowse, SpecialBox, NetCrawl, ClearThink, JumpFlip, BringStar, SmarterPower, WiseEnhance, EnterDigital, FramedDisplay, DigiHelp, RockTurner, InfiniNet, …

Win32.Adware.IObit.A is a rogue spyware removal tool. The author of the tool tries to persuade the user to buy the full version of the tool. To scare the user, the application displays popups which suggest that the machine is infected with several malware families, even if the machine is perfectly clean. The user must pay for the full version in order to clean the unreal malware.

Win32.Adware.OpenCandy.O is a Potentially Unwanted Program (PUP). This program is included in other legitimate applications in order to generate money for the distributor by showing advertisements. The application is developed by a company called OpenCandy.
This application modifies the browser’s behavior by changing its home page and the search engine. Ad Pop-ups are displayed to the user of the infected machine.

Script.Malware.Redirector.AA is code that attackers install on e.g. hacked webservers. They embed this code into websites lying on those servers. Its purpose is to automatically redirect website visitors to websites with malicious content., e.g. exploits. The URLs the visitor is redirected to are obfuscated.

2Win32.Application.OpenCandy.G3.35 % Top10 Chart
3Script.Application.Plush.D2.78 % Top10 Chart
4Gen:Adware.BrowseFox.12.32 % Top10 Chart
5Adware.BrowseFox.BU1.97 % Top10 Chart
6Script.Spyware.Skrum.A1.89 % Top10 Chart
7Adware.Agent.PJT1.79 % Top10 Chart
8Win32.Adware.IObit.A1.68 % Top10 Chart
9Win32.Application.OpenCandy.O1.33 % Top10 Chart
10Script.Malware.Redirector.AA0.91 % Top10 Chart

Methodology

The Malware Information Initiative (MII) relies on the power of the online community and any customer that purchases a G DATA security solution can take part in this initiative. The prerequisite for this is that they must have activated this function in their G DATA program. If a computer malware attack is fended off, a completely anonymous report of this event is sent to G DATA SecurityLabs. The data about the malware is collected and statistically assessed by G DATA SecurityLabs.