Criminal virus writers are turning away from large-scale exploits and are coding so-called 'zero-hour malware' that can quietly fly under the radar of corporate IT security systems, experts warned today.

According to the latest ScanSafe Global Threat Report on web filtering, viruses increased 13 per cent in June and the company blocked more than 300 unique web viruses during the month.

"Our data indicates that virus writers are using smaller, stealthier, higher-frequency attacks," said Eldar Tuvey, chief executive and co-founder of ScanSafe.

"In the past few months, we have not seen massive, headline-grabbing outbreaks. But we have seen a steady stream of low-volume viruses designed to exploit the time between the initial appearance of a virus and the release of an antivirus signature.

"By leveraging these zero-hour threats, virus writers can strike when users without real-time threat protection are most vulnerable and fly 'under the radar' until an antivirus signature is released."

The report warned that zero-hour malware represents one of the most significant security threats to corporate networks because they go undetected by the vast majority of security technologies.

ScanSafe reported a surge in intercepts of the Exploit.JS.CVE-2005-1790.j (Troj/Onladv-A), a downloader Trojan that affects Microsoft Windows.

The malware exploits the ONLOAD vulnerability associated with certain versions of Internet Explorer to download and execute a file from a remote website.