Microsoft, Cisco find new malicious program which makes ‘zombie proxies’ out of PCs

A malicious program just discovered makes "zombie proxies" out of PCs it infects, warns Microsoft. The malicious program, however, uses legitimate software, while Microsoft claims it has contaminated several thousand PCs in Europe and USA. Security researchers from Cisco's Talos and Microsoft both published study papers current week which highlight the e-threat that the companies have named "Divergent" and "Nodersok" respectively.

Soon as the malware's infection sets on, the PCs convert into "bots" else "zombies" that the attackers start controlling. These are then leveraged for various activities, from carrying out extensive Distributed Denial-of-Service assaults to contaminating more computers. Soon as Nodersok acquires control over a PC it starts certain proxy service which the program's operators may utilize for hiding their tracks.

The above tactic isn't any new one at all. Cyber-crooks have at all times employed different tricks and tools so their attacks become harder for disruption, as well as for bypassing law enforcement authorities' identification. The proxy servers located at different places of the globe and when amassed into a network the latter's cyber-attack can be made to look as originating from anywhere, thus hiding the real place of origin.

The most novel aspect regarding Nodersok is its utilization of completely legitimate software for attaining the final goal it chases. One of the said software is WinDivert that is a powerful program frequently applied within content filtering applications, VPN, and firewall. Another is Node.exe belonging to Node.js environment a cross-platform and open-source interface which liberates JavaScript applications from Web-browsers to which they are originally confined. www.forbes.com posted this dated September 29, 2019.

Meanwhile, it is little known who controls Nodersok. Apparently, the malware's operators are everyday criminals and not any hostile nation-state. According to Cisco, the malware's main activity was to execute click fraud which would make money from websites via automatic generation of ad clicks.

Both 'Cisco' and 'Microsoft' feel eager for promoting their defense mechanisms designed for enterprises which can foil the malware. The majority of users do not have such resources at their disposal, while traditional signature-based AV programs encounter difficulties to ward off the threat.

» SPAMfighter News - 10/7/2019