Floki

Floki is a harmful bot that seems to be a variant of the infamous ZeuS banking Trojan. Floki is being distributed on the Dark Web to carry out attacks. Floki was first observed in September of 2016 and is a relatively new type of attack being distributed on the Dark Web. At first glance, the Floki threat does not seem particularly unique or unsafe. However, it does seem that there is a real danger associated with Floki.

Floki is a Highly Publicized Threat

Floki has appeared on underground forums and marketplaces in a variety of situations. Floki is being advertised heavily, which means that it is a fair bet to say that Floki will appear in the wild in increasing numbers through the end of 2016 and beginning of 2017. Considering the amount of information and resources available about Floki in the Dark Web and around the Internet, it is highly likely that Floki is already being used to carry out attacks around the world. However, Floki's authors may be exaggerating their claims regarding the effectiveness of Floki to increase the chances that more hackers will purchase it and use it in their attacks.

Floki was first being mentioned in underground marketplaces in September of 2016, claiming that Floki is a new variant of the infamous ZeuS Trojan. This version of Floki did appear in the wild in a limited capacity during that month. However, once customers start purchasing Floki to use in their attacks, it is likely that a botnet that uses Floki will emerge. Botnets are simply hives of hundreds or even thousands of computers that have been infected with threats to carry out coordinated attacks or a variety of other tasks. The true power of threats like Floki comes to fore when there are many computer users infected with the threat. This is because these botnets can be used to send out massive quantities of spam email, overload websites or servers with requests, or hide information such as child pornography or illegal revenue.

Unfolding the Floki Attack

One of the reasons why Floki has gained a following is because it seems it cannot be detected using deep packet inspection, which is partially true, according to PC security researchers' tests. However, this is likely to change as security software is updated to include Floki. Fortunately, computer users have started to study Floki in depth and have identified the IP addresses that may be used by Floki to communicate with Command and Control servers or to carry out its attacks. In fact, PC security researchers have already taken steps to call for blocking the hosting company that has been associated with possible Command and Control servers for Floki and other threats that use similar attacks.

Unfortunately, the fact that Floki is a variant of the ZeuS Trojan does not mean that the detection methods that could be used to stop ZeuS will work with Floki necessarily. It is, in fact, possible that Floki is a variant of Loki rather than ZeuS, with the idea to trick PC security researchers into using the wrong types of defenses from the attack. In fact, it's possible that Floki is not such an original threat, and that it is simply a recycled version of the Loki malware, which is already well known. Floki seems to have typical password collect capabilities, targeting computer user to gather their login information and crucial data such as online banking passwords and credentials. The best measure that can be taken against Floki is the use of a fully updated security program, as well as guarding against typical delivery methods, such as corrupted spam email campaigns.