Description date

20 November 2015

Description of malware class


Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on the list of programs that run automatically when the operating system starts up.

Information about the names and locations of the programs to be downloaded is in the Trojan code, or is downloaded by the Trojan from an Internet resource (usually a web page).

More recently, this type of malicious program is frequently used for the initial infection of visitors to websites that contain exploits.

Description of platform


Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Description of malware family


This malware deactivates anti-virus software, intercepts the user's system data, downloads other malware via the Internet and runs it, and also spoofs URLs via the host file: for example, user requests are redirected to a malicious website or the user's attempts to access a legitimate website are blocked.

Geographical distribution of attacks by the Trojan-Downloader.Win32.Geral family

Geographical distribution of attacks during the period from 20 November 2014 to 20 November 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 India 19.08
2 Algeria 17.69
3 Vietnam 15.88
4 Morocco 7.28
5 Spain 2.75
6 Indonesia 2.67
7 Turkey 2.16
8 Malaysia 2.01
9 Saudi Arabia 1.95
10 Somalia 1.94

* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware