Malware reports

Online Scanner Top Twenty for January 2008

Position Change in position Name Percentage
1 No Change
Trojan.Win32.Dialer.yz 2.56
2 New!
Trojan-Clicker.Win32.Small.kj 1.39
3 Down
Virus.Win32.Virut.av 1.31
4 Up
+3 1.30
5 No Change
Trojan.Win32.BHO.abo 1.18
6 New!
Trojan-Downloader.Win32.Small.hlr 1.10
7 Down
Email-Worm.Win32.Brontok.q 1.08
8 New!
Virus.Win32.Virut.n 1.04
9 Down
not-a-virus:PSWTool.Win32.RAS.a 1.00
10 New!
Trojan-Downloader.Win32.Bagle.hj 0.80
11 New!
Trojan-Dropper.Win32.Agent.dgo 0.78
12 Up
Trojan-Spy.Win32.Ardamax.n 0.73
13 New!
Trojan.Win32.BHO.agz 0.71
14 Down
-5 0.62
15 New!
New 0.62
16 New!
Trojan-Downloader.Win32.Bagle.hi 0.61
17 Down
-1 0.56
18 Up
not-a-virus:Monitor.Win32.Perflogger.cb 0.53
19 New!
not-a-virus:PSWTool.Win32.Messen.g 0.50
20 Return
Worm.Win32.AutoIt.c 0.46
Other malicious programs 81.12

There’s no such thing as New Year in the virus world. And it’s definitely not a time for seeing out the old and bringing in the new. Statistics for January show that the malware and potential malicious programs in circulation are remarkably similar to those in last month’s rankings.

Trojan dialers continue to dominate the top of the online chart for yet another month with Dialer.yz holding on to first place for the second month in a row. Trojan-Clicker.Win32.Small.kj – detected way back in March 2006 – was the surprise entrant in second place.

More importantly, the Virut virus epidemic continues unabated. The principal and most widespread variant of the family – Virut.av – is still in the top three. Those keeping it company in December – Virut.q and .p – were replaced in January by a new version – Virut.n.

Browser Helper Objects suffered a slight downturn, with only two of the three December entries remaining. However, this did not affect the showing of Trojan.Win32.BHO.abo, which held on to fifth place.

At the same time a wave of Bagle Trojan-Downloaders has suddenly burst into the Top Twenty. They may not rank very high at the moment – tenth, fifteenth and sixteenth places – but this type of activity threatens to pose an ever-greater risk to PC users. Incidentally, this trend was not reflected in the mail traffic statistics.

The veteran Brontok.q once again slipped down the rankings, falling four places in January. Its constant companion, the Rays worm, fared even worse: after slipping to tenth place last month it has now fallen off the bottom of the rankings. These two worms, however, have been such a familiar feature of our Top Twenty for so long and have bounced back before that it may be too premature to write them off completely.

Overall, keyloggers proved the dominant force in the Top Twenty with six entries; PSWTool.Win32.RAS.a, Ardamax.n,, Perflogger.cb, and were joined by a new entry for January, PSWTool.Win32.Messen.g.


  • New: Trojan-Clicker.Win32.Small.kj, Trojan-Downloader.Win32.Small.hlr, Virus.Win32.Virut.n, Trojan-Downloader.Win32.Bagle.hj, Trojan-Dropper.Win32.Agent.dgo, Trojan.Win32.BHO.agz,, Trojan-Downloader.Win32.Bagle.hi, not-a-virus:PSWTool.Win32.Messen.g.
  • Went up:, Trojan-Spy.Win32.Ardamax.n, not-a-virus:Monitor.Win32.Perflogger.cb.
  • Went down: Virus.Win32.Virut.av, Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a,,
  • Re-entry: Worm.Win32.AutoIt.c.

Online Scanner Top Twenty for January 2008

Your email address will not be published. Required fields are marked *



APT trends report Q1 2024

The report features the most significant developments relating to APT groups in Q1 2024, including the new malware campaigns DuneQuixote and Durian, and hacktivist activity.

Subscribe to our weekly e-mails

The hottest research right in your inbox