Worm.Win32.Ngrbot

Detect Date 09/29/2015
Class Worm
Platform Win32
Description

On an infected computer, this malware displays messages that resemble the following ones:

Main reasons:

  • you stupid cracker
  • you stupid cracker…
  • you stupid cracker?!

Then the bot begins to receive commands from the command-and-control IRC server, such as to start a DDoS attack.

These malicious programs can block connections to the servers of anti-virus companies, steal user passwords for various legitimate websites, and intercept messages sent by the user on social networks.

The worm spreads via messages on social networks and Skype, as well as external drives connected to a computer.

Geographical distribution of attacks by the Worm.Win32.Ngrbot family

ngrbotwin32eng1

Geographical distribution of attacks during the period from 27 September 2014 to 27 September 2015

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Russia 29.19
2 India 9.78
3 Vietnam 6.60
4 Mexico 5.45
5 Algeria 3.79
6 Malaysia 3.34
7 Kazakhstan 3.05
8 Indonesia 2.48
9 Sri Lanka 2.41
10 Iran 2.05

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware