Ramnit – in-depth analysis

released on 2017-09-29 @ 03:33:28 PM
If we look at Ramnit’s history, it’s hard to pin down exactly which malware family it belongs to. One thing is certain: it’s not a new threat. It emerged in 2010, spreading via removable drives inside infected executables and HTML files. A year later, a more dangerous version was released. It contained part of the recently leaked Zeus source code, which allowed Ramnit to become a banking trojan. These days, it has become much more sophisticated, carrying out a number of malicious activities, including:

- Performing Man-in-the-Browser attacks
- Stealing FTP credentials and browser cookies
- Using a DGA (Domain Generation Algorithm) to find the C&C (Command and Control) server
- Using privilege escalation
- Adding AV exceptions
- Uploading screenshots of sensitive information