This malware family poses a critical security threat to infected computers.
After obtaining control of an infected computer, the malware copies itself under random names to the %temp%, %windir%, and %appdata% folders. These copies are then added to the list of programs that run automatically when the operating system starts. The malware also sends HTTP GET requests to download files from the cybercriminal’s server and makes changes to the Windows Registry on the infected computer.
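An added example (not from the original page) of checking exported autorun entries for the persistence pattern described above: it flags autorun commands whose executable sits directly in %temp%, %windir% or %appdata%. The environment paths, the value names and the direct-child matching rule (chosen so that legitimate files under subfolders such as system32 are not flagged) are constructed assumptions.

```python
import ntpath
import re

# Constructed environment of an example host (assumption, not from the page).
ENV = {
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "WINDIR": r"C:\Windows",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
}
WATCHED = ("TEMP", "WINDIR", "APPDATA")  # folders named in the description

# Constructed autorun export: value name -> command line.
SAMPLE_RUN_VALUES = {
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
    "xkqjvbdn": r"C:\Users\alice\AppData\Roaming\xkqjvbdn.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "qwhzpl": r"%TEMP%\qwhzpl.exe -s",
    "mtrnvc": r"C:\WINDOWS\mtrnvc.exe",
}

def expand(value, env=ENV):
    """Expand %VAR% references case-insensitively; unknown ones stay as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), value)

def target_path(command, env=ENV):
    """Extract the executable path from an autorun command line."""
    command = expand(command.strip(), env)
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_location(command, env=ENV):
    """Return the watched variable whose folder directly holds the target, else None."""
    folder = ntpath.normcase(ntpath.dirname(ntpath.normpath(target_path(command, env))))
    for var in WATCHED:
        if folder == ntpath.normcase(ntpath.normpath(env[var])):
            return var
    return None

def triage(run_values, env=ENV):
    """Map each flagged autorun value name to the watched folder it points into."""
    return {name: loc for name, cmd in run_values.items()
            if (loc := suspicious_location(cmd, env))}

if __name__ == "__main__":
    for name, loc in triage(SAMPLE_RUN_VALUES).items():
        print(f"review autorun entry {name!r}: target is directly in %{loc}%")
```

A hit is a lead for review, not a verdict: legitimate software also starts from %appdata%, so check the file's signature and origin before acting.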
The most common changes to the Windows Registry include:
Geographical distribution of attacks by the Trojan.Win32.Vilsel family
Geographical distribution of attacks during the period from 30 December 2014 to 30 December 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware