Malware in this family (which is also known as “Smoke loader”) is distributed by criminals with the help of the Trojan.Win32.Cutwail spam bot. When run on the user’s computer, malware in the Backdoor.Win32.Mokes family downloads other malware (such as Trojan-Ransom.Win32.Cryptodef, also known as Cryptowall). Smoke loader is notable for its modular architecture, which enables the malware to gain additional features.
These modules make it possible for the malware to perform the following actions on an infected computer:
Geographical distribution of attacks by the Backdoor.Win32.Mokes family
Geographical distribution of detections during the period from 24 July 2014 to 27 July 2015
Top 10 countries with most attacked users (% of total attacks)
* Percentage of all unique Kaspersky Lab users attacked by this malware