Trojan.Stabuniq appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit. 40% per cent of infected systems belong to financial institutions who are mostly based in Chicago and New York. Once installed, it collects information including its computer name, IP address, operating system version and installed service packs, running processes and dumps that data to a command & control server located at::..Anatwriteromist.com.com.
Source: https://thehackernews.com/2012/12/stabuniq-trojan-rapidly-stealing-data.html