Malware of this family creates many copies of itself in different folders and adds copies of itself to the system startup items. It also modifies OS security settings and the hosts file (a database used for resolving domain names). If any window open on the computer contains one of the names hard-coded in the malware, the computer is restarted. Copies of the worm are sent by email to addresses found on the victim's computer, except for the email addresses of antivirus developers and other major companies.
Geographical distribution of attacks by the Email-Worm.Win32.Brontok family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware