The end-of-May chart shows that eight of the top ten ThreatNet detections were generic or VIPRE (Sunbelt's security software) detections, reflecting what Sunbelt says is a trend toward behavior-based detections.
The top slot was taken by Trojan.Win32.Generic once again with 27.8% of detections, although Sunbelt notes this is down in prevalence by almost a fifth from April.
INF.Autorun detections, meanwhile, grew significantly for the second month in a row, up by more than 55%, from 2.34% of overall detections in April to 3.63% in May. This, says the company, followed an almost 40% increase the previous month.
Two detections new to the Top 10 list were FraudTool.Win32.AVSoft at number eight with 1.32% and Trojan.Win32.Agent at number nine with 1.28%.
Sunbelt says that FraudTool.Win32.AVSoft is a VIPRE detection for malware that installs SecurityTool rogue anti-virus software, while Trojan.Win32.Agent is a trojan downloader that downloads a wide variety of malcode.
Commenting on the latest monthly results, Tom Kelchner, Sunbelt's software research centre manager, said that, although there is a continued high volume of Trojan downloaders, the level of generic detections has steadily increased over the past few months.
This, he explained, highlights the importance of behavioural testing via a 'sandbox' methodology to stop malicious applications without individual signature updates.
"This is a good strategy for stopping zero-day malicious code, or previously unknown malware, which is being generated by the bad guys with more frequency", he said.