
Image credit: sasha85ru via Getty Images

Malware uses web apps to turn PCs into conduits for attacks

Thousands of systems have been targeted.

It's not just botnets that can hijack PCs for nefarious ends. Microsoft and Cisco's Talos researchers have identified a new malware strain, Nodersok (or Divergent), that uses web apps to turn systems into proxies for malicious internet traffic. The attack gets victims to run an HTA (HTML application) file through a rogue ad or download, launching a complex sequence of events. JavaScript in the HTA downloads a separate JavaScript file, and that in turn runs a PowerShell command that downloads and runs a whole host of tools, including ones that disable Windows Defender, ask for more control, capture data packets and create the intended proxy.

Crucially, the infection relies on legitimate programs to accomplish its task, whether they're built into Windows or downloaded from third parties. There are no malware programs copied to storage. The approach makes it harder for security teams to research the code and devise countermeasures.
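Because every stage is a legitimate program, the parent-child chain of processes is a more useful detection signal than any file on disk. The following is an added example, not code from Microsoft, Talos or the article: it flags script interpreters descended from `mshta.exe` (the Windows host for HTA files). The event field names and the sample lineage, including the `wscript.exe` middle stage, are constructed assumptions.

```python
# Added example: flag script interpreters descended from the HTA host.
# Events are CONSTRUCTED samples; field names (pid, ppid, image) are assumptions.
from ntpath import basename

HTA_HOST = "mshta.exe"  # Windows program that runs .hta files
SCRIPT_ENGINES = {"powershell.exe", "wscript.exe", "cscript.exe"}

SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\wscript.exe"},
    {"pid": 430, "ppid": 320,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Benign control: PowerShell started directly from the desktop shell.
    {"pid": 540, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def name(event):
    """Lower-cased executable name, parsed as a Windows path on any OS."""
    return basename(event["image"]).lower()

def ancestry(pid, by_pid):
    """Return process names from the parent of pid up to the oldest known one."""
    chain, seen = [], {pid}
    parent = by_pid[pid]["ppid"]
    while parent in by_pid and parent not in seen:  # guard against PID loops
        seen.add(parent)
        chain.append(name(by_pid[parent]))
        parent = by_pid[parent]["ppid"]
    return chain

def find_hta_script_chains(events):
    """Alert on any script engine that has the HTA host among its ancestors."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if name(e) not in SCRIPT_ENGINES:
            continue
        chain = ancestry(e["pid"], by_pid)
        if HTA_HOST in chain:
            idx = chain.index(HTA_HOST)
            lineage = list(reversed(chain[: idx + 1])) + [name(e)]
            alerts.append({"pid": e["pid"], "lineage": lineage})
    return alerts

if __name__ == "__main__":
    for alert in find_hta_script_chains(SAMPLE_EVENTS):
        print(alert["pid"], " -> ".join(alert["lineage"]))
```

Real process telemetry reuses PIDs over time, so a production version would key processes on a unique process identifier or on PID plus start time.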

It's not certain who's behind Nodersok. It appears to be meant for everyday criminals rather than hostile countries, however. Cisco believed that it was "primarily designed" for click fraud, or the practice of automatically generating ad clicks to boost revenue from websites. Most targets are typical consumers in Europe and the US rather than corporate or government users.

Both Microsoft and Cisco are keen to tout the ability of their enterprise-grade defense systems to thwart the malware. Most people don't have access to those resources, though, and conventional signature-based antivirus software has a much harder time. Nodersok has targeted "thousands of machines" in recent weeks, according to Microsoft, and that might not let up in the near future.

Via: ZDNet
Source: Microsoft, Talos