
Microsoft finds malware ‘Nodersok’ that turns PCs into zombie proxies

Last updated on September 29, 2019

Researchers at Microsoft have discovered a new malware campaign that’s infecting multiple computers around the world.

“The vast majority of goals are customers, however about 3 percent of experiences are observed in businesses in sectors such as education, professional services, health care, finance, and retail,” Microsoft Defender Advanced Threat Protection (ATP) Research staff stated.

“The effort is very interesting not just because it uses advanced fileless methods, but also since it depends on an evasive network infrastructure which results in the assault flying under the radar,” the investigators wrote.

The attack starts when a user downloads and runs an HTML application (HTA) file called Player1566444384.hta.

The digits in the file name vary in each attack. Analysis of Microsoft Defender ATP telemetry pointed to compromised advertisements as the most likely infection vector for delivering the HTA files.

Executing those files kick-starts a process that launches PowerShell scripts, Excel and JavaScript and ends with downloading and installing the Nodersok malware, The Inquirer reported.
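
For defenders, the chain described above (an HTA named Player plus varying digits, followed by PowerShell and Excel) can be hunted in process-creation telemetry. The following is an added example, not code from Microsoft or from the original article; the event schema, paths and process IDs are constructed, and mapping the named components to `mshta.exe` (the Windows host for HTA files), `powershell.exe` and `excel.exe` is an assumption.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# File-name pattern from the article: "Player" + digits that vary per attack.
HTA_NAME = re.compile(r"Player\d+\.hta", re.IGNORECASE)
# Components the article names; mapping them to these images is an assumption.
CHAIN_IMAGES = {"powershell.exe", "excel.exe"}

MSHTA = r"C:\Windows\System32\mshta.exe"
PWSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed process-creation events (hypothetical schema, ordered by time).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": MSHTA,
     "cmdline": r'mshta.exe "C:\Users\alice\Downloads\Player1566444384.hta"'},
    {"pid": 210, "ppid": 200, "image": PWSH, "cmdline": "powershell.exe"},
    {"pid": 220, "ppid": 210, "cmdline": "EXCEL.EXE",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"},
    # Benign controls: PowerShell not under mshta, and an unrelated HTA.
    {"pid": 300, "ppid": 100, "image": PWSH, "cmdline": "powershell.exe"},
    {"pid": 400, "ppid": 100, "image": MSHTA,
     "cmdline": r'mshta.exe "C:\Tools\inventory.hta"'},
]


def detect(events):
    """Return (pid, reason) findings in event order.

    Assumes events arrive in creation order and pids are not reused
    within the window being analysed.
    """
    findings, tainted = [], set()  # tainted: pids descending from a flagged mshta
    for ev in events:
        image = basename(ev["image"]).lower()
        if image == "mshta.exe" and HTA_NAME.search(ev["cmdline"]):
            tainted.add(ev["pid"])
            findings.append((ev["pid"], "mshta ran HTA matching Player<digits>.hta"))
        elif ev["ppid"] in tainted:
            tainted.add(ev["pid"])  # follow the chain through every later stage
            if image in CHAIN_IMAGES:
                findings.append((ev["pid"], f"{image} descends from flagged HTA"))
    return findings


if __name__ == "__main__":
    for pid, reason in detect(SAMPLE_EVENTS):
        print(pid, reason)
```

Because the digits change per attack, the match is on the naming pattern and on process lineage rather than on one fixed file name.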