Malware reports

Online Scanner Top Twenty for June 2008

Table of Contents

Position Change in position Name Percentage
1. Up
Email-Worm.Win32.Brontok.q 1.50
2. Up
not-a-virus:PSWTool.Win32.RAS.a 1.31
3. New!
Trojan.Mac.Dnscha.d 1.14
4. Down
Virus.Win32.Virut.n 1.13
5. New!
not-a-virus:Monitor.Win32.ActMon.511 0.88
6. New!
Trojan.Mac.Dnscha.e 0.76
7. Up
Virus.Win32.Virut.q 0.66
8. Up
Worm.Win32.AutoIt.i 0.61
9. New!
Trojan.SymbOS.Skuller.gen 0.58
10. Return
not-a-virus:RiskTool.Win32.HideWindows 0.57
11. New!
Email-Worm.Win32.Runouce.b 0.57
12. Down
Worm.Win32.Mabezat.b 0.57
13. New!
Trojan-PSW.Win32.LdPinch.fbq 0.54
14. Down -5 Trojan.Win32.Delf.aam 0.53
15. Up
not-a-virus:PSWTool.Win32.PWDump.2 0.49
16. Return
Return 0.49
17. Down
Trojan-Downloader.Win32.AutoIt.aa 0.49
18. Up
Virus.Win32.Alman.b 0.47
19. New!


Trojan-Downloader.Win32.Delf.cxa 0.47
20. Down
not-a-virus:AdWare.Win32.Agent.zk 0.45
Other Malicious Programs 85.81

The Online Scanner Top 20 never ceases to amaze – this month a total of 3(!) malicious programs for non-Windows platforms appeared out of nowhere. Does this mean that other platforms are becoming so popular among virus writers that the usual leading platform, Win32, is now being challenged? Specifically, the new entries of note this month were Trojan.Mac.Dnscha.d, Trojan.Mac.Dnscha.e, Trojan.SymbOS.Skuller.gen.

Trojan.SymbOS.Skuller, one of the oldest Trojans for Symbian OS, replaces all file icons with a skull. Its appearance in the Top Twenty is completely unexpected, as is that of the Trojan.Mac.Dnscha family, which is a shell script for Macs that modifies DNS system settings.

Utilities that aren’t actually malicious, but which are used by other malware to obtain confidential user information or interfere with the smooth functioning of the victim machine are still common among the programs detected by our online scanner. Such programs are classified as not-a-virus.

The Top Twenty veterans Email-Worm.Win32.Brontok, Virus.Win32.Virut, and Virus.Win32.Alman are all still present in the rankings, and showing no signs of fading from the scene.


  • New: Trojan.Mac.Dnscha.d, not-a-virus:Monitor.Win32.ActMon.511, Trojan.Mac.Dnscha.e, Trojan.SymbOS.Skuller.gen, Email-Worm.Win32.Runouce.b, Trojan-PSW.Win32.LdPinch.fbq, Trojan-Downloader.Win32.Delf.cxa.
  • Moved up: Email-Worm.Win32.Brontok.q, not-a-virus:PSWTool.Win32.RAS.a, Virus.Win32.Virut.q, Worm.Win32.AutoIt.i, not-a-virus:PSWTool.Win32.PWDump.2, Virus.Win32.Alman.b.
  • Moved down: Virus.Win32.Virut.n, Worm.Win32.Mabezat.b, Trojan.Win32.Delf.aam, Trojan-Downloader.Win32.AutoIt.aa, not-a-virus:AdWare.Win32.Agent.zk.
  • Returned: not-a-virus:RiskTool.Win32.HideWindows,

Online Scanner Top Twenty for June 2008

Your email address will not be published.



The SessionManager IIS backdoor

In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.

APT ToddyCat

ToddyCat is a relatively new APT actor responsible for multiple sets of attacks against high-profile entities in Europe and Asia. Its main distinctive signs are two formerly unknown tools that we call ‘Samurai backdoor’ and ‘Ninja Trojan’.

WinDealer dealing on the side

We have discovered that malware dubbed WinDealer, spread by Chinese-speaking APT actor LuoYu, has an ability to perform intrusions through a man-on-the-side attack.

APT trends report Q1 2022

This is our latest summary of advanced persistent threat (APT) activity, focusing on events that we observed during Q1 2022.

Subscribe to our weekly e-mails

The hottest research right in your inbox