Image credit: sasha85ru via Getty Images

Malware uses web apps to turn PCs into conduits for attacks

Thousands of systems have been targeted.

It's not just botnets that can hijack PCs for nefarious ends. Microsoft and Cisco's Talos researchers have identified a new malware strain, Nodersok (or Divergent), that uses web apps to turn systems into proxies for malicious internet traffic. The attack gets victims to run an HTA (HTML application) file through a rogue ad or download, launching a complex sequence of events. JavaScript in the HTA downloads a separate JavaScript file, and that in turn runs a PowerShell command that downloads and runs a whole host of tools, including ones that disable Windows Defender, ask for more control, capture data packets and create the intended proxy.

Crucially, the infection relies on legitimate programs to accomplish its task, whether they're built into Windows or downloaded from third parties. There are no malware programs copied to storage. The approach makes it harder for security teams to research the code and devise countermeasures.
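Because the chain described above runs entirely through built-in Windows script hosts (mshta.exe, then a JavaScript file, then PowerShell), the process lineage is what a defender can still see even when nothing lands on disk. The following is an added example, not code from the article or from Microsoft or Talos: it walks constructed Sysmon-style process-creation records and flags any powershell.exe whose ancestry includes mshta.exe. Field names and sample values are assumptions for illustration.

```python
# Added example: detect the mshta.exe -> script host -> powershell.exe lineage
# the article describes. Events are constructed, Sysmon-style process records;
# the dict keys (pid, ppid, image, cmd) are assumed, not any real log schema.

EVENTS = [
    {"pid": 100, "ppid": 1,   "image": "explorer.exe",   "cmd": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "chrome.exe",     "cmd": "chrome.exe"},
    # rogue ad/download leads the user to open an HTA file
    {"pid": 300, "ppid": 200, "image": "mshta.exe",
     "cmd": 'mshta.exe "C:\\Users\\u\\Downloads\\player.hta"'},
    # the HTA's JavaScript fetches a second script and runs it
    {"pid": 400, "ppid": 300, "image": "wscript.exe",    "cmd": "wscript.exe stage2.js"},
    # that script launches a hidden PowerShell that pulls the tooling
    {"pid": 500, "ppid": 400, "image": "powershell.exe",
     "cmd": "powershell -nop -w hidden -c (PLACEHOLDER_DOWNLOAD_COMMAND)"},
    # benign: an administrator running PowerShell from the desktop shell
    {"pid": 600, "ppid": 100, "image": "powershell.exe", "cmd": "powershell Get-ChildItem"},
]


def ancestry(events, pid):
    """Return image names from pid up to the root, nearest process first.
    The 'seen' set guards against pid reuse creating a cycle in the records."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"].lower())
        pid = by_pid[pid]["ppid"]
    return chain


def find_hta_chains(events):
    """Return (pid, lineage) for every powershell.exe descended from mshta.exe.
    The lineage string is trimmed to start at the mshta.exe ancestor."""
    hits = []
    for e in events:
        if e["image"].lower() != "powershell.exe":
            continue
        lineage = ancestry(events, e["pid"])
        if "mshta.exe" in lineage:
            cut = lineage.index("mshta.exe") + 1
            hits.append((e["pid"], " > ".join(reversed(lineage[:cut]))))
    return hits


if __name__ == "__main__":
    for pid, chain in find_hta_chains(EVENTS):
        print(f"suspicious lineage for pid {pid}: {chain}")
```

Only the PowerShell launched beneath the HTA is reported; the administrator's PowerShell started from explorer.exe is not.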

It's not certain who's behind Nodersok. It appears to be meant for everyday criminals rather than hostile countries, however. Cisco believed that it was "primarily designed" for click fraud, the practice of automatically generating ad clicks to boost revenue from websites. Most targets are typical consumers in Europe and the US rather than corporate or government users.

Both Microsoft and Cisco are keen to tout the ability of their enterprise-grade defense systems to thwart the malware. Most people don't have access to those resources, though, and conventional signature-based antivirus software has a much harder time. Nodersok has targeted "thousands of machines" in recent weeks, according to Microsoft, and that might not let up in the near future.

Via: ZDNet
Source: Microsoft, Talos