A pop-up serving Trojan designed to sidestep Norton's blocker code tops the list of malware threats to personal computers in May.

Security experts at BitDefender said that the May list is dominated by Trojans, most of them discovered in the past few months.

The notable exception in the top 10 list is Zlob, which has been making the rounds for some time.

In second place was WMA.Wimad.N which simply loads another piece of malware. It does this by pretending to be a 'helper application' that will download a codec to play a 'special type' of WMA file.

Once the user is tricked, WMA.Wimad.N downloads and runs Adware.PlayMp3z.A, an application designed to take personal information and use it in marketing or suspicious practices.

When executed, the adware even displays a pop-up with an end-user licence agreement in an attempt to convince users of its legitimacy.

Trying to avoid antivirus countermeasures seems to be a trend this month. In third place was a Trojan that serves only to prevent BitDefender from updating its virus signature database.

It does this by modifying the infected machine's hosts file. However, the trick works only on machines which do not have BitDefender on-access scanner activated.

"This just goes to show that it does not pay to turn off your protection even for a little while," said Sorin Dudea at BitDefender.

The NSAnti malware packer is still in the top 10, racking up points due to the sheer number of malware authors who still use it in their attempts to deliver their creations.

In 10th position is an old exploit targeting a bug in the way Microsoft Windows handles cursor and icon files.

Although this vulnerability, which potentially could allow attackers remote access, has long since been patched, a lot of malware still includes the exploit code.