This malware family poses a critical security threat to infected computers.
After obtaining control of an infected computer, the malware copies itself under random names to the %temp%, %windir%, and %appdata% folders. These copies are then added to the list of programs automatically run at startup of the operating system. The malware also sends GET HTTP requests to download files from the cybercriminal’s server and makes changes to the Windows Registry on the infected computer.
The most common changes to the Windows Registry include:
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware
|Find out the statistics of the threats spreading in your region|