Kaspersky Threats

Detect Date

06/28/2016

Class

Platform

Description

Trojan-Spy.Win32.Ursnif is a banking Trojan written using Microsoft Visual C++. Also known as IAP, ISFB, Gozi, Rovnix, and Papras. Information for contacting command-and-control servers is either hard-coded in the Trojan itself or generated based on the current date and system configuration. Works with 32- and 64-bit versions of Internet Explorer and Firefox, and 32-bit versions of Chrome.

Main features include:

Stealing user names, passwords, and personal data from web forms
Stealing installed certificates
Downloading and launching other software
Running a SOCKS proxy server
Intercepting keystrokes
Capturing screenshots
Performing web injects (when malicious content is inserted into the web pages opened by a user in a web browser)

Geographical distribution of attacks by the Trojan-Spy.Win32.Ursnif family

ursnif

Geographical distribution of attacks during the period from 28 June 2015 to 28 June 2016

Top 10 countries with most attacked users (% of total attacks)

	Country	% of users attacked worldwide*
1	Spain	22.74
2	Poland	17.57
3	Germany	15.67
4	Russian Federation	6.71
5	Italy	5.34
6	Switzerland	3.89
7	Austria	2.96
8	USA	2.12
9	Ukraine	1.63
10	Japan	1.59

* Percentage among all unique Kaspersky users worldwide attacked by this malware

Find out the statistics of the threats spreading in your region