Worm.Win32.Cridex

Detect Date 06/03/2016
Class Worm
Platform Win32
Description

Originally, Worm.Win32.Cridex was a worm that spread through removable disks. The worm evolved over the years to become full-featured banking malware.

Later versions of the malware are able to perform the following actions:
• Web injects
• Screenshots and clickshots (pictures of web pages when the user clicks the mouse)
• Blocking access to certain Internet sites
• Redirecting the user from one URL to another

Worm.Win32.Cridex carefully hides its command-and-control server by using a P2P network and proxy server.

Communication with the command-and-control server uses symmetric encryption, plus additional XOR encryption for the configuration file received from the command-and-control server.

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 Poland 19.93
2 Germany 10.13
3 Azerbaijan 7.84
4 Russian Federation 7.19
5 France 5.23
6 India 4.90
7 United Kingdom 4.90
8 Iran 3.92
9 Malaysia 3.27
10 China 2.94

* Percentage among all unique Kaspersky users worldwide attacked by this malware
