Yesterday, we detected a downloader that drew media attention because it was spammed using some "curious" subjects:

# "Current Australia’s Prime Minister survived a hear attack"

# "Prime Minister survived a heard attack"

# "The life of the Prime Minister is in grave danger"

There were a few thousand infections all around the world. It downloaded all kinds of files, 6 of which were malware. Among them were a keylogger, a web server (which it installs on your computer in order to gain complete access to all your drives), 2 Trojans (to prevent access to certain security and antivirus-related web sites) and another 2 Trojans that redirect the traffic of some bank websites in order to steal information.

It also used Google Maps to somehow locate the infected users. This may be useless, but it is curious anyway.

Now, thanks to TruPrevent(R) proactive technologies, we have caught its little brother (it will surely be a huge family in the near future!). This time, instead of using Google Maps, it has a website listing all the infected countries. The most affected one is Australia (almost 400 PCs infected in less than 24 hours), but you can also find some countries that may be considered atypical, such as Iraq, Vietnam, Malaysia, Madagascar, Malta or United Arab Emirates, as well as the most "usual" ones (USA, UK, Germany).

It has a link for each country where you can see every infected IP address with the infection date.

All of them are already detected as Generic Trojan with the current signature file.