But around 87% of its targets seem to be in the UK.

Rovinix is suspected to be an evolution of another trojan, Carberp, which was known to target Russians.

Current Iteration

In its current form, Rovinix has been spreading through phishing emails.

Rovinix trojan spreading like fire, already 13,000 Windows PCs infected in UK

It has, however, maintained its record of targeting Windows machines specifically instead of branching out to other operating systems.

The malware spread via an infected Andromeda downloader.

Its primary target has been credit card credentials.

In addition to stealing data, this trojan now encrypts the data before sending it, making it even harder to detect.

Encryption has been touted as the new armour against spying by government agencies and a tool for privacy.

Looks like the bad guys have also learned this pretty fast.

The switch to encrypted communications shows that this e-threat is still under active development.

Cosoi explained: The DGA generates five or 10 domains per quarter.

This means there are 20 or 40 candidate domain names per year.
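Because the candidate set is that small, a defender can precompute a whole year of names and match DNS logs against it. The sketch below is an added example, not code from the article or from the researchers it quotes; `candidates()` is a placeholder generator that only models "N domains per quarter" and is not Rovinix's algorithm, and the `.example` TLD, log format and log lines are constructed.

```python
import hashlib
from datetime import date

def quarter_of(d):
    """Map a date to (year, quarter 1-4)."""
    return d.year, (d.month - 1) // 3 + 1

def candidates(year, quarter, per_quarter=5, tld=".example"):
    """Placeholder DGA: deterministic names seeded only by year and quarter.
    Swap in the recovered algorithm of the family being tracked."""
    names = []
    for i in range(per_quarter):
        seed = f"{year}-Q{quarter}-{i}".encode()
        names.append(hashlib.sha256(seed).hexdigest()[:12] + tld)
    return names

def year_watchlist(year, per_quarter=5):
    """All candidate names for a year, mapped to the quarter they belong to."""
    return {name: (year, q)
            for q in range(1, 5)
            for name in candidates(year, q, per_quarter)}

def flag_queries(log_lines, per_quarter=5):
    """Scan 'YYYY-MM-DD client qname' lines for watchlisted names.
    Returns (client, qname, in_window); in_window is False when the name
    belongs to a different quarter than the query date (stale sample,
    skewed clock, or someone pre-registering names)."""
    watchlists, hits = {}, []
    for line in log_lines:
        day, client, qname = line.split()
        d = date.fromisoformat(day)
        if d.year not in watchlists:
            watchlists[d.year] = year_watchlist(d.year, per_quarter)
        owner = watchlists[d.year].get(qname.lower().rstrip("."))
        if owner is not None:
            hits.append((client, qname, owner == quarter_of(d)))
    return hits

# Constructed sample DNS log: one in-window hit, one benign, one out-of-window.
SAMPLE_LOG = [
    f"2024-11-03 10.0.0.5 {candidates(2024, 4)[0]}",
    "2024-11-03 10.0.0.7 www.example.org",
    f"2024-11-04 10.0.0.9 {candidates(2024, 1)[2]}.",
]

if __name__ == "__main__":
    print(len(year_watchlist(2024, 5)), len(year_watchlist(2024, 10)))
    for hit in flag_queries(SAMPLE_LOG):
        print(hit)
```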

Past History

This trojan first surfaced around three and a half years ago.

Rovinix was also the first trojan to utilize Volume Boot Record (VBR) infection.

source: www.techworm.net