KATUSHA Trojans typically arrive via spammed email messages or as files downloaded unknowingly by users when visiting malicious sites. It is used to download and execute other malicious files.
In 2010, a spam run that poses as an IT notification contained a KATUSHA variant as an attachment. Cybercriminals also used this malware to launch attacks on the users of the social networking site/blogging platform Multiply.
This Trojan adds the following registry entries to enable its automatic execution at every system startup: