Trojan.Win32.Vilsel

Detect Date: 12/30/2015
Class: Trojan
Platform: Win32
Description

This malware family poses a critical security threat to infected computers.

After obtaining control of an infected computer, the malware copies itself under random names to the %temp%, %windir%, and %appdata% folders. These copies are then added to the list of programs that run automatically when the operating system starts. The malware also sends HTTP GET requests to download files from the cybercriminal’s server and makes changes to the Windows Registry on the infected computer.

The most common changes to the Windows Registry include:

  • Disabling of system programs and services, such as:
    • Windows Firewall
    • Task Manager
    • Registry Editor
    • User Account Control (UAC)
  • Adding registry entries for Windows services
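
A triage sketch for the persistence and registry tampering described above, added here as an example and not taken from the original page: it scans a registry snapshot for Run-key entries that launch from directly inside the three folders and for values that switch off the listed tools. The folder paths, sample rows and the `exe_path`/`triage` helpers are constructed for illustration; the value names (`DisableTaskMgr`, `DisableRegistryTools`, `EnableLUA`, `EnableFirewall`) are the standard Windows settings for those features, which the page itself does not list.

```python
from pathlib import PureWindowsPath

# Constructed stand-ins for the expanded %temp%, %windir% and %appdata% folders.
DROP_DIRS = [PureWindowsPath(p) for p in (
    r"C:\Users\alice\AppData\Local\Temp", r"C:\Windows",
    r"C:\Users\alice\AppData\Roaming")]

# (key suffix, value name) -> data that disables the feature (assumed, see lead-in).
TAMPER = {
    (r"\policies\system", "disabletaskmgr"): 1,
    (r"\policies\system", "disableregistrytools"): 1,
    (r"\policies\system", "enablelua"): 0,
    (r"\firewallpolicy\standardprofile", "enablefirewall"): 0,
}

def exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return PureWindowsPath(command[1:].split('"', 1)[0])
    return PureWindowsPath(command.split(" ", 1)[0])  # unquoted: cut at first space

def triage(rows):
    """Return (reason, value name) for each suspicious (key, name, data) row."""
    findings = []
    for key, name, data in rows:
        k, n = key.lower(), name.lower()
        if k.endswith(r"\currentversion\run") and isinstance(data, str):
            # Heuristic: the binary sits directly in a drop folder, not a subfolder.
            if any(exe_path(data).parent == d for d in DROP_DIRS):
                findings.append(("autorun-from-drop-folder", name))
        elif any(k.endswith(s) and n == v and data == bad
                 for (s, v), bad in TAMPER.items()):
            findings.append(("protection-disabled", name))
    return findings

RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
POL = r"\Software\Microsoft\Windows\CurrentVersion\Policies\System"
FW = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
SAMPLE = [  # constructed registry snapshot
    ("HKCU" + RUN, "qzkfwe", r"C:\Users\alice\AppData\Roaming\qzkfwe.exe"),
    ("HKCU" + RUN, "x7gh2", r'"C:\Users\alice\AppData\Local\Temp\x7gh2.exe" /s'),
    ("HKLM" + RUN, "SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("HKCU" + POL, "DisableTaskMgr", 1),
    ("HKLM" + POL, "EnableLUA", 1),
    (FW, "EnableFirewall", 0),
]
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Legitimate software occasionally starts from these folders too, so findings are leads for review rather than verdicts.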

Geographical distribution of attacks by the Trojan.Win32.Vilsel family

Geographical distribution of attacks during the period from 30 December 2014 to 30 December 2015

Top 10 countries with most attacked users (% of total attacks)

Rank  Country    % of users attacked worldwide*
1     Russia     19.10
2     India      7.95
3     Vietnam    5.44
4     Indonesia  5.42
5     Germany    4.06
6     Turkey     3.70
7     France     2.93
8     Brazil     2.51
9     USA        2.43
10    Morocco    2.19

* Percentage among all unique Kaspersky users worldwide attacked by this malware