Symantec discovered the Trojan on several servers belonging to financial institutions, including banking firms and credit unions. The Trojan has also compromised home computers, you can view a pie graph made by Symantec below:
Around one-half of unique IPs belong to home users and another 11 percent belong to companies that deal with Internet security (due, perhaps, to these companies performing analysis of the threat). An astounding 39 percent, consist of financial organizations. These financial institutions had their external border breached as the Trojan has been discovered on mail servers, firewalls, proxy servers, and gateways. The Trojan has spread via a combination of spam email and Web exploit kits to infect computers.