Description date

29 September 2015

Description of malware class


Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on the list of programs that run automatically when the operating system starts up.

Information about the names and locations of the programs to be downloaded is in the Trojan code, or is downloaded by the Trojan from an Internet resource (usually a web page).

More recently, this type of malicious program is frequently used for the initial infection of visitors to websites that contain exploits.

Description of platform


Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Description of malware family


Malicious programs in this family download other malware from remote servers and install it on the infected computer without the user's knowledge.

Geographical distribution of attacks by the Trojan-Downloader.Win32.Agent family

Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russia 19.36
2 India 8.99
3 Brazil 6.56
4 USA 5.95
5 Germany 4.10
6 Vietnam 3.77
7 France 3.58
8 Kazakhstan 3.28
9 Turkey 2.12
10 Ukraine 2.08

* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware