SOURCE: Sunbelt Software

December 04, 2006 10:16 ET

Sunbelt Software Announces Top Ten Spyware Threats for November

Stats From Leading Windows Security Provider Show Trojan Downloader.Zlob.Media-Codec as Last Month's Most Prevalent Threat

CLEARWATER, FL -- (MARKET WIRE) -- December 4, 2006 -- Sunbelt Software, a leading provider of Windows security software, today announced the top ten most prevalent spyware threats for the month of November. The results are based on monthly scans performed by Sunbelt's award-winning antispyware product CounterSpy™.

The top ten most prevalent spyware threats for the month of October are:

1.      Trojan-Downloader.Zlob.Media-Codec      1.67 %
2.      DesktopScam                             1.43 %
3.      Trojan.Smitfraud                        0.71 %
4.      SpySheriff                              0.66 %
5.      Virtumonde                              0.63 %
6.      Trojan.Win32.Qhost.hf                   0.62 %
7.      VirusBurst                              0.57 %
8.      AvenueMedia.InternetOptimizer           0.52 %
9.      Zango.SearchAssistant                   0.50 %
10.     Command Service                         0.49 %


Trojan-Downloader.Zlob.Media-Codec

Trojan-Downloader.Zlob.Media-Codec is a trojan that installs rogue security software on the infected machine without notice and consent. To trick the user into downloading it, it purports to be a needed codec or upgrade to Windows Media Player when users attempt to watch certain adult/porn videos. Once downloaded, it contacts remote servers and initiates the download of rogue security software such as SpywareQuake.


DesktopScam

This program is used to trick the affected user into purchasing certain security applications. DesktopScam will display false warnings that the computer is infected and uses a fake Windows update globe to trick the user into thinking that Microsoft Windows is reporting a spyware infection. Clicking on this notification directs the user to a pre-defined website to order malware removal software. In some cases the SecurityToolbar.DesktopScam may be present as well.


Trojan.Smitfraud

Trojan.Smitfraud downloads and installs programs that purport to scan for adware and spyware and typically display false reports of spyware in order to frighten the user into paying for the program.


SpySheriff

SpySheriff is a purported antispyware application that claims to scan for and remove spyware from users' computers. SpySheriff is known to be distributed through exploits that also download adware or spyware on users' computers without notice or consent. When SpySheriff is downloaded through an exploit, it puts a red icon in the system tray and shows a false warning that the computer is infected with spyware.


Virtumonde

Virtumonde is an adware program that displays pop-up advertisements on the desktop and also downloads other software from various remote servers. There are many variants of Virtumonde, some with trojan-like behaviors including downloading other software without notice and consent, transmitting information to remote servers without notice and consent, and lowering system security on the infected machine.


Trojan.Win32.Qhost.hf

Trojan.Win32.Qhost.hf is a trojan that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent.


VirusBurst

VirusBurst is software that purports to scan and detect malware or other problems on the computer, but which attempts to dupe or badger users into purchasing the program by presenting the user with intrusive, deceptive warnings and/or false, misleading scan results.


AvenueMedia.InternetOptimizer

AvenueMedia.InternetOptimizer is an adware program that spawns pop-up advertising on the desktop and downloads other adware.


Zango.SearchAssistant

Zango.SearchAssistant opens new browser windows showing websites based on the websites you previously visited. The adware will run in the background on a computer and will periodically direct users to other sponsors' websites, allowing users to compare prices between websites.

Command Service

Command Service is an adware application that opens pop-ups and displays various types of advertising on the user's desktop while browsing web pages. Command Service is installed by a number of drive-by downloaders, including IE-Plugin.

About Sunbelt Software's Threat Research Center

The Sunbelt Software Threat Research Center specializes in the discovery and analysis of dangerous vulnerabilities (i.e., security holes, bugs, maligned features or combination of operations) that could be exploited for Internet and email attacks. The research team actively researches new spyware outbreaks, creating and testing new spyware definitions on a constant basis. For detailed spyware research information and to view the top ten spyware in real-time please visit

About CounterSpy

CounterSpy is designed to be a one-stop solution to the spyware problem, with an extensive database of current spyware threats, that aggressively scans, detects, and removes a broad range of adware, spyware and other malware, while providing real-time prevention to reduce the chance of future spyware infections. With the best spyware database in the industry, CounterSpy delivers one of the highest spyware detection rates in the industry and has received the 2005 Best Buy and World Class Awards from PC World, Editor's Choice Award from Laptop Magazine, a 5-cow rating from Tucows, and a 5-star rating from CNET's

About Sunbelt Software

Headquartered in Tampa Bay (Clearwater), Fla., Sunbelt Software was founded in 1994 and is a leading provider of Windows security software with product solutions in the areas of antispam and antivirus, antispyware, and other network security tools. Leading products include CounterSpy Enterprise, Sunbelt Messaging Ninja and Sunbelt Kerio Personal Firewall. The company is part of Sunbelt International Group, based in Paris, France.

For more information about Sunbelt Software, please visit the company's website at:

Copyright © 2006 Sunbelt Software. All rights reserved. All trademarks used are owned by their respective companies.
