20 November 2015
Description of malware class
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on the list of programs that run automatically when the operating system starts up.
Information about the names and locations of the programs to be downloaded is in the Trojan code, or is downloaded by the Trojan from an Internet resource (usually a web page).
More recently, this type of malicious program has frequently been used for the initial infection of visitors to websites that contain exploits.
Description of platform
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. It is one of the most widespread programming platforms in the world.
Description of malware family
This malware deactivates anti-virus software, intercepts the user's system data, downloads other malware via the Internet and runs it, and also spoofs URLs via the hosts file: for example, user requests are redirected to a malicious website, or the user's attempts to access a legitimate website are blocked.
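A defender-side check for the hosts-file tampering described above, added here as an example and not part of the original description: it parses hosts-file text and flags watched domains that are either redirected to a routable address or blocked by being mapped to a loopback or unspecified address. The watched domains and the sample entries are constructed placeholders.

```python
import ipaddress

# Assumption: domains the defender wants to protect (AV update hosts, banking
# sites, ...). These are placeholders, not values from the description.
WATCHED = {"av-vendor.example", "bank.example"}

# Constructed sample of hosts-file content. On Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
203.0.113.7   www.bank.example   # redirect to attacker-controlled host
127.0.0.1   update.av-vendor.example download.av-vendor.example
0.0.0.0 ads.tracker.example
not-an-ip  bank.example
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, host, ip, verdict) for entries that override a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed entry, ignored by the resolver
        for name in fields[1:]:                  # one line may carry several aliases
            host = name.lower().rstrip(".")
            if not any(host == d or host.endswith("." + d) for d in watched):
                continue
            # Loopback/unspecified means the site is made unreachable;
            # any other address means traffic is sent somewhere else.
            blocked = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, host, str(ip),
                             "blocked" if blocked else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```
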
Geographical distribution of attacks by the Trojan-Downloader.Win32.Geral family
Geographical distribution of attacks during the period from 20 November 2014 to 20 November 2015
Top 10 countries with most attacked users (% of total attacks)
|Country|% of users attacked worldwide*|
* Percentage among all unique Kaspersky Lab users worldwide who were attacked by this malware