Malware reports

Online Scanner Top Twenty for January 2007

Position Change in position Name Percentage
1. New!
Trojan.Win32.Diamin.fc 3,15
2. New!
Trojan-Downloader.Win32.Small.edb 2,45
3. Up
Email-Worm.Win32.Rays 1,64
4. Up
Trojan-Downloader.Win32.Small.dam 1,61
5. New!
New! 1,38
6. New!
New! 1,37
7. New!
New! 1,35
8. Return
not-a-virus:Monitor.Win32.Perflogger.163 1,30
9. No Change Email-Worm.Win32.Brontok.q 1,24
10. New!
Backdoor.Win32.Bifrose.acs 1,23
11. Up
not-a-virus:PSWTool.Win32.RAS.a 1,16
12. New!
New! 1,15
13. Down
Trojan.Win32.Dialer.cj 0,99
14. New!
EICAR-Test-File 0,86
15. Up
Trojan-Downloader.Win32.INService.gen 0,83
16. Down
-5 0,82
17. New!
New! 0,79
18. New!
not-a-virus:Monitor.Win32.Perflogger.bx 0,77
19. Return
not-a-virus:AdWare.Win32.Softomate.u 0,76
20. New!
New! 0,74
Other malicious programs 74,41

Several months ago we highlighted the unexpected appearance of a large number of Trojan dialer programs in our statistics. Very soon they had not only squeezed out the Trojan-Spy and Trojan-Downloader programs, but had also managed to climb to the top of the table. Whereas in December the leader was Dialer.cj, the January Online Top Twenty includes several representatives of the Diamin family, with Diamin.fc leading the rankings. This Trojan family has been around for a while; it appears to have been created in Italy and these programs are quite widespread in the European segment of the Internet.

The total number of dialers in the Top Twenty is five. This confirms that programs from this class are currently undergoing a rapid evolution.

Nevertheless, Trojan-Downloader programs, the most widespread class of Trojans, remain among the leaders: representatives of this class are in second and fourth place in our January rankings. This is not surprising, as these are versatile applications which allow cybercriminals to install other malicious programs on infected computers.

Trojan spies are also holding their own. This month, keyloggers occupy several positions in our table: Perflogger (3 variants) and RAS. From a virus analyst’s viewpoint, these programs cannot be classified as pure Trojans, but they do have a spy function and we are therefore obliged to include them in our reports.

As for worms, there have been no significant changes: Rays and Brontok have, as is traditional, made it into the charts, accompanied by the Virus Top Twenty leader, This latter worm, however, managed to reach the sixteenth place in the online rankings, dropping five positions since December.

As for programs with true spy functionality, only the Brazilian program made it into the Top Twenty. This Trojan-Spy targets the data of users who have accounts at Banco Nossa Caixa S.A and poses very little threat to Internet users in Europe, America and Asia.


  • New:
    Trojan.Win32.Diamin.fc, Trojan-Downloader.Win32.Small.edb,,,, Backdoor.Win32.Bifrose.acs,, EICAR-Test-File,, not-a-virus: Monitor.Win32.Perflogger.bx,
  • Moved up: Email-Worm.Win32.Rays, Trojan-Downloader.Win32.Small.dam, not-a-virus:PSWTool.Win32.RAS.a, Trojan-Downloader.Win32.INService.gen,
  • Moved down: Trojan.Win32.Dialer.cj,
  • Re-entry: not-a-virus:Monitor.Win32.Perflogger.163, not-a-virus:AdWare.Win32.Softomate.u

Online Scanner Top Twenty for January 2007

Your email address will not be published. Required fields are marked *



APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

LuminousMoth APT: Sweeping attacks for the chosen few

We recently came across unusual APT activity that was detected in high volumes, albeit most likely aimed at a few targets of interest. Further analysis revealed that the actor, which we dubbed LuminousMoth, shows an affinity to the HoneyMyte group, otherwise known as Mustang Panda.

WildPressure targets the macOS platform

We found new malware samples used in WildPressure campaigns: newer version of the C++ Milum Trojan, a corresponding VBScript variant with the same version number, and a Python script working on both Windows and macOS.

Ferocious Kitten: 6 years of covert surveillance in Iran

Ferocious Kitten is an APT group that has been targeting Persian-speaking individuals in Iran. Some of the TTPs used by this threat actor are reminiscent of other groups, such as Domestic Kitten and Rampant Kitten. In this report we aim to provide more details on these findings.

Subscribe to our weekly e-mails

The hottest research right in your inbox