
Microsoft and Cisco Talos have identified new malware that has affected thousands of computers in the US and in Europe. The companies stated that the malware can turn PCs into proxies for malicious activity. Microsoft named it Nodersok, while Cisco Talos calls it Divergent.

The threat brings many components of its own to carry out malicious activity, but it also takes advantage of existing tools. It leverages the widely used Node.js framework and WinDivert, a user-mode packet capture-and-divert package for Windows 2008, Windows 7, Windows 8, Windows 10 and Windows 2016, to turn infected machines into proxies for malicious behavior. Both companies released their threat reports on the malware on Wednesday, September 25, in separate blog posts.

According to the Microsoft researchers, once Nodersok turns systems into unwitting proxies, it uses them as "a relay to access other network entities (websites, C&C servers, compromised machines, etc.), which can allow them to perform stealthy malicious activities." The two companies differ on exactly what the malware does. Cisco Talos researchers said: "This malware can be leveraged by an attacker to target corporate networks and appears to be primarily designed to conduct click-fraud. It also features several characteristics that have been observed in other click-fraud malware, such as Kovter." The company believes that the malware is still in active development. Follow this thread to OUR FORUM to learn more.

 
