Backdoor.Win32.Mokes

Detect Date: 08/20/2015
Class: Backdoor
Platform: Win32
Description

Malware in this family (which is also known as “Smoke loader”) is distributed by criminals with the help of the Trojan.Win32.Cutwail spam bot. When run on the user’s computer, malware in the Backdoor.Win32.Mokes family downloads other malware (such as Trojan-Ransom.Win32.Cryptodef, also known as Cryptowall). Smoke loader is notable for its modular architecture, which enables the malware to gain additional features.

These modules make it possible for the malware to perform the following actions on an infected computer:

  • Spoof the Hosts file (located at %SystemRoot%\system32\drivers\etc\hosts on the infected computer).
  • Steal user passwords.
  • Intercept data entered by the user in a web browser.
  • Install shellcode on the user’s computer.

Top 10 countries with most attacked users (% of total attacks)

Rank  Country             % of users attacked worldwide*
1     USA                 10.57
2     India               6.49
3     Russian Federation  6.17
4     Vietnam             5.24
5     Algeria             4.85
6     United Kingdom      4.32
7     Kazakhstan          4.00
8     Australia           2.75
9     Germany             2.70
10    Brazil              2.36

* Percentage of all unique Kaspersky users attacked by this malware
