The Hiloti generic downloader is a Trojan first seen in December 2008 has shown a dramatic increase in infection rates of PCs during June 2011. Hiloti is a generic malware downloader, meaning it typically downloads other malware, e.g. Zeus and SpyEye.
Hiloti creates a malicious DLL in the Windows directory, and hacks the Windows registry to maintain its presence on an infected machine across a normal boot cycle.
Amit Klein, Trusteer’s CTO said, “We suspect that a Hiloti-infecting campaign – which is quite likely to be a drive-by download infection – is now taking place, having started on June 20th.”
Here is a typical infection graph from the UK, which shows that the Hiloti malware is surging to two to three times it previously level of infections.
What is interesting is that the infection does not appear to be affecting the US and other international territories, suggesting that it is a carefully targeted attack on one of more UK banking portals”, said Klein.