The Hiloti generic downloader is a trojan first seen in December 2008 and has shown a dramatic increase in infection rates of PCs during June 2011. Hiloti is a generic malware downloader, meaning it typically downloads other malware, e.g. Zeus and SpyEye.
Hiloti creates a malicious DLL in the Windows directory and modifies the Windows registry so that it persists on an infected machine across a normal boot cycle.
Amit Klein, Trusteer's CTO, said, “We suspect that a Hiloti-infecting campaign - which is quite likely to be a drive-by download infection - is now taking place, having started on June 20th.”
UK statistics show that Hiloti infections are surging to between two and three times their previous levels.
“What is interesting is that the infection does not appear to be affecting the US and other international territories, suggesting that it is a carefully targeted attack on one or more UK banking portals”, said Klein.
Trusteer's research teams will continue to monitor the levels of infection of Hiloti.
We would stress that users of Trusteer Rapport security software are protected from the Hiloti downloader and its financial payload, even if other security defences have not detected it.