Windows 10 News and info | Forum
Author Topic: New malware infects thousands of PCs, confirms Microsoft and Cisco Talos  (Read 146 times)
« on: September 29, 2019, 12:58:57 AM »

Microsoft and Cisco Talos identified a new malware which has affected thousands of computers in the US as well as in Europe. The companies stated that this malware has an ability to turn the PCs into proxies for performing malicious activity.

Microsoft named this malware Nodersok, while Cisco Talos called it Divergent. This threat has many of its own components to carry out malicious activities, but it also takes advantage of existing tools.

It should be mentioned that this malware leverages the widely used Node.js framework and WinDivert, a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016, to turn infected machines into proxies for malicious behavior.

Both companies, Microsoft and Cisco Talos, released their threat reports on this malware on Wednesday, September 25, in separate blog posts.

According to the Microsoft researchers, once Nodersok turns the systems into unwitting proxies, it uses them as "a relay to access other network entities (websites, C&C servers, compromised machines, etc.), which can allow them to perform stealthy malicious activities."

While the two companies had different opinions as to exactly what it does, Cisco Talos researchers said that "This malware can be leveraged by an attacker to target corporate networks and appears to be primarily designed to conduct click-fraud. It also features several characteristics that have been observed in other click-fraud malware, such as Kovter."

The company believes that this malware is still in active development.

However, Microsoft stated that even though Windows Defender is able to identify and block Nodersok, detecting this malware could be a little bit difficult because it leverages legitimate infrastructure.

In addition, Microsoft said in the post that this threat campaign is very interesting not only because "it employs advanced fileless techniques, but also because it relies on an elusive network infrastructure that causes the attack to fly under the radar."

But Nodersok's behavior gives researchers an opportunity to detect it at some point.

However, Microsoft advised people to avoid running HTA files found on their systems, especially those files which they don't remember downloading or whose origin they can't identify.

« Last Edit: September 29, 2019, 01:14:41 AM by javajolt » Logged
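The advice at the end of the post, not to run HTA files whose origin you cannot identify, is easier to follow if you can see which HTA files are sitting in user folders and where each one came from. The PowerShell below is an added example written for this page; it is not code from the post, from Microsoft or from Cisco Talos. It lists recently created or modified .hta files under the user-profile root (assumed to be C:\Users, the Windows default) and reads each file's Zone.Identifier alternate data stream, the Mark-of-the-Web that browsers and mail clients write to downloaded files, so an administrator can review unrecognised files before anyone double-clicks them. The 30-day lookback and the profile root are constructed defaults.

```powershell
# Added example, not from the original post. Lists HTA files under user
# profiles with their Mark-of-the-Web origin so unknown ones can be reviewed.
# Assumption: profiles live under C:\Users; pass -Roots to change that.
function Get-RecentHtaFiles {
    param(
        [string[]]$Roots = @('C:\Users'),   # assumed default profile root
        [int]$Days = 30                      # constructed lookback window
    )
    $cutoff = (Get-Date).AddDays(-$Days)

    $findings = foreach ($root in $Roots) {
        Get-ChildItem -Path $root -Filter *.hta -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff -or $_.LastWriteTime -ge $cutoff } |
            ForEach-Object {
                $file = $_
                # Zone.Identifier is the NTFS stream that records where a file was
                # downloaded from. ZoneId 3 = Internet, 4 = Restricted Sites.
                # If the stream is missing the file did not arrive through a
                # MotW-aware application, which is itself worth a second look.
                $zone = $null; $hostUrl = $null; $referrer = $null
                try {
                    $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction Stop
                    foreach ($line in $ads) {
                        if ($line -match '^ZoneId=(\d+)')     { $zone     = [int]$Matches[1] }
                        if ($line -match '^HostUrl=(.+)')     { $hostUrl  = $Matches[1] }
                        if ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
                    }
                } catch {
                    # No Zone.Identifier stream (or not an NTFS volume): leave fields null
                }
                [pscustomobject]@{
                    Path        = $file.FullName
                    SizeBytes   = $file.Length
                    Created     = $file.CreationTime
                    Modified    = $file.LastWriteTime
                    ZoneId      = $zone
                    HostUrl     = $hostUrl
                    ReferrerUrl = $referrer
                    HasMotW     = ($null -ne $zone)
                }
            }
    }
    $findings | Sort-Object Created -Descending
}

# Usage: show everything found, newest first; files with no Mark-of-the-Web
# or with an unfamiliar HostUrl are the ones to investigate before running.
Get-RecentHtaFiles | Format-Table Path, Created, ZoneId, HasMotW, HostUrl -AutoSize
```

Run this from an elevated PowerShell session if you want it to reach every user's profile; without elevation it will silently skip folders the current account cannot read. HostUrl and ReferrerUrl are only present on files written by applications that record them, so a file showing only a ZoneId is normal, while a file with no stream at all deserves the same scrutiny as one from an unknown host.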
