New Malware Turns Thousands Of PCs Into Conduits For Attacks Via Web Apps

Har Devarukhkar - Oct 05, 2019



To prevent Nodersok malware, both Cisco and Microsoft have made great efforts to boost their defense systems for enterprises.

Botnets are not the only way attackers can gain illegal control of your systems. The latest malware strain detected by Microsoft and by researchers from Cisco's Talos can do so as well. They call it Nodersok or Divergent.


By using web apps, the malware turns your PCs into proxies and generates malicious Internet traffic. Victims of these attacks have to run an HTA file, also known as an HTML application file, delivered through a rogue download or ad, which triggers a complicated sequence of events. JavaScript in the HTML application downloads a separate JavaScript file, which in turn runs a PowerShell command that downloads and runs a host of tools. These include tools that request further control, create the intended proxy, steal data packets, and deactivate Windows Defender.

Crucially, the infection carries out its task by using legitimate programs that are either downloaded from third parties or built into Windows. None of the malware programs are copied to storage, so security teams have found it difficult to examine the code or take countermeasures.
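Because the chain runs through legitimate Windows programs, process ancestry is a more useful signal than file signatures. The following is an added example, not code from Microsoft, Cisco or the article: it flags PowerShell processes that descend from `mshta.exe`, the Windows host for HTA files. The event field names and sample events are constructed assumptions.

```python
from ntpath import basename  # parses Windows paths on any OS

HTA_HOST = "mshta.exe"                    # Windows program that runs .hta files
SHELLS = {"powershell.exe", "pwsh.exe"}
MAX_DEPTH = 8                             # assumed cap on ancestors walked per process

# Constructed process-creation events (hypothetical field names, similar to what
# EDR or Sysmon-style logging records). Real logs should be keyed on a unique
# process GUID, because PIDs are reused.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Program Files\Browser\browser.exe"},
    {"pid": 320, "ppid": 210, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 430, "ppid": 320, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 540, "ppid": 430,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    # Shell started directly from the desktop: should not be flagged.
    {"pid": 650, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

def proc_name(event):
    return basename(event["image"]).lower()

def ancestry(pid, by_pid, max_depth=MAX_DEPTH):
    """Return the process and its ancestors, child first; stops on loops."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < max_depth:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain

def find_hta_to_powershell(events):
    """List 'mshta.exe -> ... -> powershell.exe' chains found in the events."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for event in events:
        if proc_name(event) not in SHELLS:
            continue
        names = [proc_name(e) for e in ancestry(event["pid"], by_pid)]
        if HTA_HOST in names[1:]:         # any ancestor, not only the direct parent
            depth = names.index(HTA_HOST)
            hits.append(" -> ".join(reversed(names[: depth + 1])))
    return hits

if __name__ == "__main__":
    for hit in find_hta_to_powershell(SAMPLE_EVENTS):
        print("suspicious chain:", hit)
```

Walking every ancestor rather than only the direct parent keeps the check effective when an intermediate script host or command interpreter sits between the HTA and PowerShell.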

Who is behind Nodersok is still a mystery. However, it appears to be the work of ordinary criminals rather than rival countries. According to Cisco, the malware was designed primarily for click fraud, that is, generating ad clicks automatically in a bid to increase revenue from websites. Ordinary consumers in the US and Europe are the major targets of this malware, not users at government agencies or corporations.


To prevent Nodersok, both Cisco and Microsoft have made great efforts to boost their defense systems for enterprises. However, those resources are not always accessible to most people. It is also more difficult for them to run any antivirus software that relies on conventional signatures.

According to Microsoft, the Nodersok malware strain has infected thousands of systems within a few weeks, and this is not expected to let up soon.
