The SASFIS Trojan variants may be not as famous and well-known as BREDOLAB’s or Zeus/Zbot’s, but they still pose a considerable danger to users and networks around the world.
The SASFIS infections are usually followed by plenty of other malware, since it is particularly adept at making the machines he finds himself on an easy target for botnet attacks from the previously mentioned Trojans. SASFIS is also often combined with FAKEAV variants.
After it is installed, SASFIS uses a GET request to download and install other malware. The authors get paid by other cybercriminals to install their own malware on the affected computers.
TrendLabs reports that the number of systems infected by this Trojan downloader has peaked last October, but that at the moment the infections have dropped by more than half.