Detect Date | 12/08/2016 | |||||||||||||||
Class | Trojan-Banker | |||||||||||||||
Platform | Win32 | |||||||||||||||
Description |
In terms of capabilities, this malware family replicates the Zeus family, upon which its source code is based. The main difference is in the method used for packaging the configuration file. While basic versions of Zeus used RC4+XOR for package encryption, followed by a configuration file in the zeus_storage format, the structure used by Floki is more complicated. The response from the server is encrypted using RC4+XOR, followed by data split into sections in a format that is unique to Floki. Combining parts from each section gives complete information. The first byte indicates the data type: Geographical distribution of attacks by the Trojan-Banker.Win32.Floki family
Countries with attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware |
|||||||||||||||
Find out the statistics of the threats spreading in your region |