Email-Worm.Win32.Brontok

Detect Date 02/01/2017
Class Email-Worm
Platform Win32
Description

Malware of this family creates many copies of itself in different folders and adds copies of itself to the system startup items. It also modifies OS security settings and the hosts file (database used for resolving domain names). If the windows opened on the computer contain certain names hard-coded in the malware, the computer is restarted. Copies of the worm are sent by email to addresses found on the victim’s computer, with the exception of the email addresses of antivirus developers and other major companies.

Geographical distribution of attacks by the Email-Worm.Win32.Brontok family


Geographical distribution of attacks during the period from 01 February 2016 to 01 February 2017

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russian Federation 29.54
2 Vietnam 9.24
3 Brazil 6.05
4 India 4.72
5 Mexico 4.34
6 Bangladesh 4.10
7 Turkey 3.39
8 Philippines 3.06
9 Azerbaijan 1.65
10 Spain 1.61

* Percentage among all unique Kaspersky users worldwide attacked by this malware