Solutions for:
Home Products
Small Business
Medium Business
Enterprise
Vulnerabilities Threats
Home Threats Downloader Win32

Downloader.Win32.Gamini

Detect date
10/21/2019
Class
Downloader
Platform
Win32

Parent class: Riskware

Riskware covers legitimate programs (some of which are sold publicly and commonly used for legitimate purposes), which can cause damage when they fall into the hands of malicious users (and are used to delete, block, modify, or copy data, or disrupt the performance of computers or networks). Programs in this class include remote administration utilities, IRC clients, dialer programs, file downloaders, software for monitoring computer activity, password management utilities, and numerous Internet server services such as FTP, web, proxy and telnet. These programs are not malicious in themselves, although they do have functions that can be used for malicious purposes. For example, a remote administration program such as WinVNC provides access to the interface of a remote computer and uses a remote machine to control or monitor it. This is how its functions are described on the developer’s official website: VNC stands for Virtual Network Computing. It is remote control software which allows you to view and interact with one computer (the “server”) using a simple program (the “viewer”) on another computer anywhere on the Internet. The two computers don’t even have to be the same type, so for example you can use VNC to view an office Linux machine on your Windows PC at home. VNC is freely and publicly available and is in widespread active use by millions throughout industry, academia and privately. This is a legitimate piece of software that is publicly available and a necessity for system administrators and other technical specialists. However, in the hands of malicious users, this program is capable of damaging user data; our Virus Lab has recorded incidents in which WinVNC was secretly installed in order to obtain full remote access to someone else’s computer. Another example is the mIRC utility. This is an IRC network client that is also a legitimate program: mIRC is a shareware IRC client for Windows. It is developed and copyrighted by Khaled Mardam-Bey. mIRC is a highly configurable IRC client with all the goodies other clients on UNIX, Macintosh and even on windows offer, combined with a *nice* and clean user interface. mIRC offers full color text lines, DCC File Send and Get capabilities, programmable aliases, a remote commands and events handler, place sensitive popup menu’s, a great Switchbar, World Wide Web and sound support, and… a lot more. mIRC is shareware but not crippled in any way… The extended features of mIRC can also be used by malicious users — our Virus Lab regularly identify Trojan programs (backdoors, in particular) which use mIRC functions. Any IRC backdoor is capable of writing its own scripts to the mIRC configurations file and successfully delivering its malicious payload without the knowledge of the user. The mIRC user won’t even suspect that a Trojan is running on his computer. Often, malicious programs install the mIRC client themselves for later malicious use. In such cases, mIRC is usually saved to the Windows folder and its subfolders. If mIRC is detected in these folders, it almost always means that the computer has been infected with some type of malicious programs. By default, the option to detect Riskware is disabled in Kaspersky Lab products. However, the user can always enable this option. Our opinion is that the user should make his/ her own decision. Read more

Class: Downloader

Programs of this type stealthily download a variety of content from network resources. They are not malicious programs, but malicious users can use them to download malicious content onto a victim computer. If a user has installed such a program on his/her computer, or if it was installed by a system administrator, then it does not pose any threat.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Description

This family includes software installers that, in addition to the software being installed, also install online games on the user's computer.

Top 10 countries with most attacked users (% of total attacks)

1
Russian federation
83.62%
2
Kazakhstan
5.55%
3
Belarus
3.04%
4
Ukraine
2.91%
5
Uzbekistan
1.25%
6
Germany
0.89%
7
Netherlands
0.82%
8
United states of america
0.43%
9
Turkey
0.27%
10
Turkmenistan
0.2%

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!
Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Related articles
08 July 2025
Securelist
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
07 July 2025
Securelist
Batavia spyware steals data from Russian organizations
25 June 2025
Securelist
AI and collaboration tools: how cyberattackers are targeting SMBs in 2025
23 June 2025
Securelist
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
11 June 2025
Securelist
Toxic trend: Another malware threat targets DeepSeek
09 June 2025
Securelist
Sleep with one eye open: how Librarian Ghouls steal data by night
Found an inaccuracy in the description of this vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Found a new Threat or Vulnerability?
If you found a new Threat or Vulnerability, please, let us know by email:
newvirus@kaspersky.com
Solutions for
Home Products
Small Business
Medium Business
Enterprise
Select language
Sorting
Threat
Confirm changes?
Your message has been sent successfully.