Microsoft Detects New Malware That Turns PCs Into ‘Zombie Proxies’

Researchers from Microsoft have just detected new malware that can pose a risk to a countless number of computers all over the world. The malware will turn all infected PCs into ‘zombie proxies’ to launch a series of malicious cyber attacks. The company refers to it as ‘Nodersok’.

According to the researchers of the Defender Advanced Threat Protection (ATP) at Microsoft:

They also further said:

This kind of attack will trigger when a victim starts to download and run Player1566444384.hta – a file of HTML application (also known as HTA).

The file name’s digits may vary according to different attacks. The Defender ATP of Microsoft also pointed out that compromised advertisements were likely to be an infection vector that distributes the HTA files.

When users execute any of these files, they will initiate a complicated process to open up JavaScript, Excel, and Powershell scripts. ‘Nodersok’ tends to leave some traces due to its making use of existing programs, as well as downloading legal tools such as NodeJS (an application can execute JavaScript out of a web browser), or WinDivert (an application is capable of capturing and diverting network packets).

In addition, on its official blog, Microsoft explained how the malware could do to disable Windows Defender. That’s also why ‘Nodersok’ could avoid the surveillance of the antivirus software for such a long time and gain the control of infected PCs. Most of the attacks relating to the malware have been conducted in September and the major victims are consumers.