The worm was originally discovered in April of 2010 by Microsoft security who describes it as “Win32/Ramnit is a family of multi-component malware that infects Windows executable files, Microsoft Office files and HTML files. Win32/Ramnit spreads to removable drives, steals sensitive information such as saved FTP credentials and browser cookies. The malware may also open a backdoor to await instructions from a remote attacker.”

In August 2011 (yes, over a year later) Trusteer reported that the worm had gone financial by trying to compromise banks and other corporate networks.