Originally, Worm.Win32.Cridex was a worm that spread through removable disks. The worm evolved over the years to become full-featured banking malware.
Later versions of the malware are able to perform the following actions:
Worm.Win32.Cridex carefully hides its command-and-control server by using a P2P network and a proxy server.
Communication with the command-and-control server uses symmetric encryption, plus additional XOR encryption for the configuration file received from the command-and-control server.
Geographical distribution of attacks by the Worm.Win32.Cridex family
Top 10 countries with most attacked users (% of total attacks)
* Percentage among all unique Kaspersky users worldwide attacked by this malware