ThreatExpert's Statistics for Infostealer [Symantec]:

Infostealer [Symantec] is also known as:

Threat Alias	Number of Incidents
Mal/Generic-A [Sophos]	4,321
Trojan-GameThief.Win32.MultiFirst [Ikarus]	4,103
Generic PWS.y [McAfee]	3,018
Trojan-PWS.OnlineGames [PC Tools]	2,453
PWS:Win32/Lolyda.T [Microsoft]	2,371
Trojan-GameThief.Win32.MultiFirst.ad [Kaspersky Lab]	2,025
Trojan-PSW.Generic [PC Tools]	1,670
Trojan-Downloader.Homles!sd6 [PC Tools]	1,521
Packed.Win32.Krap.ah [Kaspersky Lab]	1,462
Generic.PWS.Games [Ikarus]	1,432
Trojan-GameThief.Win32.MultiFirst.ah [Kaspersky Lab]	1,368
Trojan-GameThief.Win32.Magania.gen [Kaspersky Lab]	1,362
New Malware.aj [McAfee]	1,157
Mal/EncPk-MA, Mal/FakeDouf-B [Sophos]	1,016
TROJ_DLOADER.ZCF [Trend Micro]	1,014
Generic.dx [McAfee]	998
Packed.Win32.Krap [Ikarus]	810
Trojan:Win32/Opachki.A [Microsoft]	666
PWS-Mmorpg.gen [McAfee]	643
Trojan.CryptRedol [Ikarus]	627
PWS-OnlineGames.a [McAfee]	592
Trojan-Spy.KeySpy!sd6 [PC Tools]	576
Generic.dx!hca [McAfee]	575
TSPY_KEYSPY.S [Trend Micro]	504
PWS:Win32/OnLineGames.GC [Microsoft]	487
Trojan-GameThief.Win32.MultiFirst.ae [Kaspersky Lab]	420
Mal/EncPk-LT, Mal/FakeAV-BX, Mal/FakeDouf-B, Mal/EncPk-MA [Sophos]	414
PWS:Win32/Lolyda.M [Microsoft]	412
Trojan-PWS.Magania [PC Tools]	398
Trojan:Win32/Perkesh.A [Microsoft]	307
Trojan.Win32.Hooker [Ikarus]	290
Trojan.Win32.Hooker.ae [Kaspersky Lab]	289
Trojan-GameThief.Win32.MultiFirst.ac [Kaspersky Lab]	289
Trojan.Hooker!sd6 [PC Tools]	272
BackDoor-CEP.svr [McAfee]	268
Troj/Dloadr-CTC [Sophos]	250
Trojan-Spy.Win32.KeySpy.u [Kaspersky Lab]	240
PWS.Win32.Lolyda [Ikarus]	232
Backdoor:Win32/Bifrose.AE [Microsoft]	227
PWS-OnlineGames.cz [McAfee]	225
Trojan-GameThief.Win32.MultiFirst.al [Kaspersky Lab]	225
Win-Trojan/OnlineGameHack.3584.J [AhnLab]	222
PWS-OnlineGames.cf [McAfee]	217
PWS-LDPinch [McAfee]	198
Trojan-GameThief.Win32.MultiFirst.w [Kaspersky Lab]	196
Trojan-Downloader.Win32.Homles.br [Kaspersky Lab]	195
Trojan-Downloader.Zlob.GEN [PC Tools]	192
Backdoor:Win32/Bifrose [Microsoft]	183
TrojanSpy:Win32/Treemz.gen!A [Microsoft]	174
Mal_Infostl [Trend Micro]	163
Backdoor:Win32/Bifrose.ACI [Microsoft]	162
Backdoor.Win32.Bifrose.bwt [Kaspersky Lab]	160
PWS:Win32/Stealer.M [Microsoft]	159
PWS-QQGame [McAfee]	151
Boaxxe.dll [McAfee]	149
Trojan.OnlineGames.Gen.49 [PC Tools]	148
BackDoor-CEP.gen.av [McAfee]	147
PWS:Win32/Fignotok.A [Microsoft]	147
Backdoor.Bifrose.BJC [PC Tools]	146
Backdoor.Win32.Bifrose.fsi [Kaspersky Lab]	146
Win-Trojan/Bifrose.1843200 [AhnLab]	145
Trojan-GameThief.Win32.MultiFirst.af [Kaspersky Lab]	144
Packed.Win32.NSAnti.r [Kaspersky Lab]	139
Win-Trojan/Xema.variant [AhnLab]	134
Trojan-PSW.QQPass!sd5 [PC Tools]	133
Troj/PSW-GM [Sophos]	129
Trojan-PWS.Win32.Agent [Ikarus]	129
Generic Downloader.x [McAfee]	128
Mal/Banspy-F [Sophos]	128
Generic Dropper.av [McAfee]	126
Trojan.Win32.Autoit.ci [Kaspersky Lab]	125
Trojan-Downloader.Win32.Small.almj [Kaspersky Lab]	124
TSPY_ONLINEG.IAT [Trend Micro]	122
Backdoor.Win32.Bifrose [Ikarus]	121
Trojan-Dropper.Agent [Ikarus]	117
TROJ_PROGEN121.A [Trend Micro]	113
Trojan.OnlineGames.Gen.65 [PC Tools]	113
Trojan-GameThief.Win32.OnLineGames [Ikarus]	111
Trojan-GameThief.Win32.MultiFirst.y [Kaspersky Lab]	110
Downloader-BTI [McAfee]	106
Win-Trojan/Downloader.20992.HH [AhnLab]	106
Trojan.Win32.Agent2.hfu [Kaspersky Lab]	104
Virus.Win32.Bifrose [Ikarus]	103
Trojan.Progent [PC Tools]	102
Win-Trojan/Dybalom.32768.B [AhnLab]	101
Trojan.Win32.Agent.bcn [Kaspersky Lab]	100
PWS:Win32/Strpasseal.B [Microsoft]	97
Trojan.Win32.Autoit [Ikarus]	96
Trojan-PWS.Win32.LdPinch [Ikarus]	94
BackDoor-CEP.gen.a [McAfee]	93
W32/Sality-AM [Sophos]	92
Trojan-Downloader.Delf [PC Tools]	91
Virus:Win32/Sality.AM [Microsoft]	91
not-a-virus:PSWTool.Win32.MailPassView.ck [Kaspersky Lab]	90
Trojan-Downloader.Win32.Small [Ikarus]	90
Backdoor:Win32/Poisonivy.E [Microsoft]	87
Mal/Bifrose-G, Mal/Bifrose-D, Mal/Bifrose-A, Mal/Bifrose-E [Sophos]	87
Backdoor:Win32/Bifrose.EY [Microsoft]	85
PWS-Progent [McAfee]	85
Trojan-Dropper.Delf [Ikarus]	84

Infostealer [Symantec] has the following possible countries of origin:

Origin		Number of Incidents
	China	2,485
	Netherlands	1,614
	Russian Federation	397
	Slovenia	391
	Sweden	277
	Brazil	274
	United Kingdom	193
	Spain	191
	Germany	159
	Israel	96
	Iran	30
	France	22
	Poland	21
	Turkey	15
	Italy	13
	Republic of Korea	13
	Egypt	9
	Switzerland	8
	Albania	7
	Portugal	7
	Saudi Arabia	6
	Taiwan	6
	Ukraine	6
	Denmark	5
	Romania	4
	Canada	3
	Australia	2
	Ireland	2
	Argentina	1
	Belgium	1
	Finland	1
	Japan	1
	Mexico	1
	Norway	1
	Oman	1
	Thailand	1

Infostealer [Symantec] is known to be created as:

%AppData%\bifrost\server.exe

%AppData%\d6.dll

%AppData%\gadcom\gadcom.exe

%AppData%\gusanito.exe

%AppData%\iecheck.exe

%AppData%\iexplore.exe

%AppData%\internet\internet.exe

%AppData%\key folder\filewin.exe

%AppData%\key folder\filewins.exe

%AppData%\key folder\rsupd.exe

%AppData%\key folder\sql2005.dll

%AppData%\key folder\tempsvr.exe

%AppData%\klg1.dll

%AppData%\msn messenger\msn.exe

%AppData%\myngo.exe

%AppData%\pridl\pridl.exe

%AppData%\regedit\fragmen.exe

%AppData%\riwzllered.exe

%AppData%\server.exe

%AppData%\set7.dll

%AppData%\svhost.exe

%AppData%\sxc.exe

%AppData%\system of pc\server.exe

%AppData%\system32\system32.exe

%AppData%\wd\sa.exe

%AppData%\windows\windows.exe

%AppData%\wks.exe

%AppData%\xoong3.dll

%CommonAppData%\%computername%\taskenv.exe

%CommonAppData%\nvapp.exe

%CommonAppData%\scvhost.exe

%CommonAppData%\server.exe

%CommonFavorites%\scvhost.exe

%CommonFavorites%\vhetytlt.exe

%CommonPrograms%\startup\java7.exe

%CommonPrograms%\startup\jqsd.exe

%CommonPrograms%\startup\ms_con.exe

%CommonPrograms%\startup\msn_live.exe

%CommonPrograms%\startup\msnmsgr.exe

%CommonPrograms%\startup\msoffice.exe

%CommonPrograms%\startup\out.exe

%CommonPrograms%\startup\startup.exe

%DownloadedProgramFiles%\003494ff.exe

%DownloadedProgramFiles%\smss.exe

%DownloadedProgramFiles%\svchost.exe

%FontsDir%\apsghjba.dll

%FontsDir%\comres.dll

%FontsDir%\nttudskb.dll

%FontsDir%\sysfool.exe

%FontsDir%\xoguzkjl.dll

%InternetCache%\33978.exe

%InternetCache%\34104.exe

%InternetCache%\51490.exe

%InternetCache%\70501.exe

%InternetCache%\78554949.exe

%LocalSettings%\tempservices.exe

%LocalSettings%\tmp21008.exe

%MyDocuments%\my music\46630.exe

%MyDocuments%\pinch3.exe

%MyDocuments%\skl1.0.exe

%Profiles%\default user\findfile.exe

%Profiles%\localservice\ntuser.dll

%Profiles%\server.exe

%ProgramFiles%\123\imagen1.exe

%ProgramFiles%\187\186.exe

%ProgramFiles%\32vegas casino\setupcasino.exe

%ProgramFiles%\36.scr

%ProgramFiles%\acd systemms\acdsee.exe

%ProgramFiles%\acspmonitor\asmonitor.exe

%ProgramFiles%\adobe\claylife2.exe

%ProgramFiles%\adobe\system36.exe

%ProgramFiles%\aq.exe

%ProgramFiles%\beginpoint\cbeginpoint.exe

%ProgramFiles%\bifrost\antivirus32.exe

%ProgramFiles%\bifrost\kos.exe

%ProgramFiles%\bifrost\osl.exe

%ProgramFiles%\bifrost\rundll32.exe

%ProgramFiles%\bifrost\server.exe

%ProgramFiles%\bifrost\sors.exe

%ProgramFiles%\bifrost\ver.exe

%ProgramFiles%\bifrost\windows.exe

%ProgramFiles%\bq7vt1lu.dll

%ProgramFiles%\cmvideoplugin\setup.exe

%ProgramFiles%\common files\explorer.exe

%ProgramFiles%\common files\fzx9823.exe

%ProgramFiles%\common files\smss.exe

%ProgramFiles%\common files\svchost.exe

%ProgramFiles%\common files\system\lsass.exe

%ProgramFiles%\common files\system\rdpsvc2.exe

%ProgramFiles%\common files\system\updaterun.exe

%ProgramFiles%\common files\system\webcheck.dll

%ProgramFiles%\common files\winlogon.exe

%ProgramFiles%\common\helper.dll

%ProgramFiles%\config32\system36.exe

%ProgramFiles%\der konig\server.exe

%ProgramFiles%\dir\server.exe

%ProgramFiles%\drv32z\ksjdssdaf.exe

%ProgramFiles%\dwntv\nomadder_nv.exe

%ProgramFiles%\elifrsno.exe

%ProgramFiles%\flashupdate\flashupd.exe

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
%CommonAppData% is a variable that refers to the file system directory containing application data for all users. A typical path is C:\Documents and Settings\All Users\Application Data.
%CommonFavorites% is a variable that refers to the file system directory that serves as a common repository for all users' favorite items. A typical path is C:\Documents and Settings\All Users\Favorites (Windows NT/2000/XP).
%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%DownloadedProgramFiles% is a variable that refers to the file system directory containing downloaded program files. A typical path is C:\Windows\Downloaded Program Files.
%FontsDir% is a variable that refers to a virtual folder containing fonts. A typical path is C:\Windows\Fonts.
%InternetCache% is a variable that refers to the file system directory that serves as a common repository for temporary Internet files. A typical path is C:\Documents and Settings\[UserName]\Local Settings\Temporary Internet Files.
%LocalSettings% is a variable that specifies the current user's local settings folder. By default, this is C:\Documents and Settings\[UserName]\Local Settings (Windows NT/2000/XP).
%MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
%Profiles% is a variable that refers to the file system directory containing user profile folders. A typical path is C:\Documents and Settings.
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.