Virus & Malware Observatory



This page dynamically publishes the data from the Virus & Malware Observatory, which the CRAM (AntiMalware Research Center) of TG Soft decided to institute as early as January 2004. The aim is to provide reliable information on the computer viruses and malware actually circulating.
It was considered appropriate to make the summary information available according to the scheme displayed.
Of course, the published data are samples, so they are not to be considered exhaustive, but they do give a sense of how computer viruses and malware are spreading.

Use of the data processed in these pages must be requested in advance from TG Soft at the e-Mail address, specifying the purposes of use of the data and the publication (paper, electronic or other ...) where they will be inserted.

Computer viruses and malware deriving from real infections, broken down by type and by individual pathogen (all the malware that hit each reported machine is counted).

There are still no data to be processed for this period.

Computer viruses and malware deriving from pathogens that are transmitted through e-mail (all malware that reached the computer but was blocked before infecting it is counted).

There are still no data to be processed for this period.

Virus: these are programs, or parts of programs, that can infect other programs, archives, system areas (MBR, Boot Sector) or executable objects by including a copy of themselves inside.

Malware: generic term for a computer parasite, such as Virus, Adware, Backdoor, BHO, Dialer, HTML, LSP, Spyware, Trojan and Worm.

Adware: these are malware whose main feature is to display advertisements, generally through Pop-Up windows.

Backdoor: these are remote administration programs that allow the infected computer to be controlled from the network. These programs are not able to replicate themselves, but have the characteristic of keeping ports open on the computers where they have been run. These ports, acting as entry points, can be used by users connected to the network to access data and programs on the computer where the Backdoor has been executed. Backdoors can have various functions such as: sending and receiving files, deleting archives, executing payloads or carrying viruses within the system.

BHO: these are software modules (dynamic libraries .DLL) that are loaded automatically by Internet Explorer. They can check the sites visited, install toolbars and change the home page of the browser.

Dialer: these are programs that modify the Internet connection by changing the telephone number of the connection. They are especially dangerous for those who connect to the Internet using analog and/or ISDN modems. For those who connect over an ADSL line they can cause the connection to drop.

Fraudtool: these are so-called 'rogue-antivirus' programs, which pretend to be AntiVirus solutions. After they are installed on the computer, they pretend to «find» one or more viruses, even on absolutely clean systems, and propose that the user buy their paid version to immunize / disinfect the computer. In addition to direct user fraud, these programs also have adware functionality within them.

Hijacker: these are programs that are generally invoked by Active-X controls. Once they have attacked the computer, they blend into the web browser, changing its security parameters and default settings.

HTML: these are scripts that are contained within .HTML pages. The effects can be manifold.

Keylogger: these are programs that aim to capture everything that is typed on the keyboard. Words pass from the keyboard to the computer; in the latter the Keylogger filters the words, stores them and sends them back, as a signal, to a given address.

LSP (Layered Service Provider): these are libraries that hook into WinSock TCP/IP. They have the potential to analyze the Internet traffic of infected computers.

Rootkit: these are programs created to have complete control over the system without the need for user or administrator authorization. Rootkits are typically used to hide backdoors.

Spyware: these are programs capable of 'spying' on the contents of computers.

Trojan: these are programs that intentionally hide their malicious actions from the user, leading the user to believe they are performing other functions. Trojans are generally unable to spread autonomously as they do not possess the ability to infect. Generally the purpose of a Trojan is to execute its payload.

Worm: these are independent programs that try to infect other computer systems through the network or by sending e-mails with copies of themselves attached.

PUP: the acronym stands for Potentially Unwanted Program. It refers to applications that would be considered unwanted, despite often being downloaded by the user, usually after not reading the download agreements carefully.

Ransomware: This is a type of malware that restricts access to the computer system it infects, demanding a ransom to be paid to the creator of the malware, so that the restriction can be removed. Some variants of this infection encrypt files on the system's hard drive (Cryptomalware), while some may simply lock the system and display messages intended to convince the user to pay.

Vir.IT eXplorer PRO is certified by the biggest international organisation: