New Windows-based "downloader" malware known as Trojan-Downloader.Win32.Diehard has surged to the top of Kaspersky Lab's "Virus Top Twenty" list  for December because of its "explosive propagation," the security firm said Wednesday.

A downloader is a type of malware, which loaded onto a victim's machine, can enable the attacker to download many other types of malicious code to exploit and control it for activities ranging from spam to information theft.

The worst virus of the month in terms of sightings was not the Diehard downloader but a variant on the old NetSky, the worm that is still spreading almost four years after being discovered. Kaspersky reckons that the NetSky.q worm surged to 20% of e-mail traffic last month.

But the real surprise for December, according to Kaspersky, was that the Diehard variants grabbed the second, fourth and seventh spots on its list. This was a surprise because the .dc modification variant, which grabbed the second-place ranking, first appeared only on Dec. 21. But within a matter of days it constituted an estimated 80% of all malicious traffic for the month. Two other Diehard variants grabbed fourth and seventh place in December.

In its own findings, Kaspersky Labs stated that the significance is that "classic e-mail worms" may still rank high, but they tend to quickly disappear, only "creating a backdrop for the real battle which is taking place," which is "Trojan programs and phishing attacks."

Security firm Akonix, which specializes in instant-messaging (IM) based defense, today said it counted three new IM-based worms in December — Cargar, Etest and YMWorm — and determined that there have been a total of 346 IM-targeted malware types for 2007, down from the 406 IM malware types seen in 2006.