
posted by janrinok on Saturday September 28 2019, @01:44AM

Submitted via IRC for SoyCow9427

Microsoft: New Nodersok malware has infected thousands of PCs

Thousands of Windows computers across the world have been infected with a new strain of malware that downloads and installs a copy of the Node.js framework to convert infected systems into proxies and perform click-fraud.

The malware, named Nodersok (in a Microsoft report) and Divergent (in a Cisco Talos report), was first spotted over the summer, distributed via malicious ads that forcibly downloaded HTA (HTML application) files on users' computers.

Users who found and ran these HTA files started a multi-stage infection process involving Excel, JavaScript, and PowerShell scripts that eventually downloaded and installed the Nodersok malware.

The malware itself has multiple components, each with its own role. There's a PowerShell module that tries to disable Windows Defender and Windows Update, and there's a component for elevating the malware's permissions to SYSTEM level.

But there are also two components that are legitimate apps -- namely WinDivert and Node.js. The first is an app for capturing and interacting with network packets, while the second is a well-known developer tool for running JavaScript on web servers.

According to Microsoft and Cisco reports, the malware uses the two legitimate apps to start a SOCKS proxy on infected hosts. But here is where the reports diverge. Microsoft claims the malware turns infected hosts into proxies to relay malicious traffic. Cisco, on the other hand, says these proxies are used to perform click-fraud.
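One way a defender can hunt for the chain described above (HTA file launching Office or a script host, Office launching PowerShell, node.exe or WinDivert running from a user-writable directory) is a small triage pass over process-creation records. This is an added example, not code from the Microsoft or Cisco reports; the record format (`parent|image|command line`), the sample lines, the rule names and the path patterns are all constructed assumptions.

```python
import re

# Constructed, simplified process-creation records: "parent|image|command_line".
SAMPLE_LOG = """\
explorer.exe|mshta.exe|mshta.exe C:\\Users\\alice\\Downloads\\invoice.hta
mshta.exe|excel.exe|excel.exe /automation -Embedding
excel.exe|powershell.exe|powershell.exe -w hidden -ep bypass -enc AAAA
powershell.exe|node.exe|C:\\Users\\alice\\AppData\\Roaming\\nd\\node.exe p.js
explorer.exe|winword.exe|winword.exe C:\\Users\\alice\\report.docx
services.exe|svchost.exe|svchost.exe -k netsvcs
"""

OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
# Assumed set of user-writable locations worth flagging for node.exe/WinDivert.
USER_WRITABLE = re.compile(r"\\(Users\\[^\\]+\\|Temp\\|ProgramData\\)", re.I)


def classify(parent, image, cmdline):
    """Return the (hypothetical) rule names one record matches."""
    hits = []
    if parent == "mshta.exe" and (image in OFFICE or image in SCRIPT_HOSTS):
        hits.append("hta_spawns_office_or_script_host")
    if parent in OFFICE and image in SCRIPT_HOSTS:
        hits.append("office_spawns_script_host")
    if (image == "powershell.exe"
            and re.search(r"-(ep|executionpolicy) bypass", cmdline, re.I)
            and re.search(r"-(enc|w hidden)", cmdline, re.I)):
        hits.append("powershell_hidden_bypass")
    if image == "node.exe" or "windivert" in cmdline.lower():
        if USER_WRITABLE.search(cmdline):
            hits.append("node_or_windivert_from_user_writable_path")
    return hits


def analyze(log_text):
    """Return [(line_number, rule_name), ...] for every matching record."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parent, image, cmdline = line.split("|", 2)
        for rule in classify(parent.lower(), image.lower(), cmdline):
            findings.append((n, rule))
    return findings


if __name__ == "__main__":
    for n, rule in analyze(SAMPLE_LOG):
        print(f"line {n}: {rule}")
```

Each rule on its own is noisy in a real estate (developers run node.exe from their profile all the time); the value is in several of them firing on one host in sequence, which is what the chain above looks like.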

    by barbara hudson (6443) <barbara.Jane.hudson@icloud.com> on Sunday September 29 2019, @01:58AM (#900133) Journal
    Nothing to do with any illegal monopoly. You can't buy it for other operating systems because the other operating systems lack decent speech engines. Festival is pretty much abandonware that sounds like the old DOS Sound Blaster drsbaitso.exe 8-bit program.

    Several companies invested good money into speech engines. Remember Dragon Systems? I bought a program for Win31 that did speech to text, text to speech, and would respond to voice commands to start and close programs, move and iconize windows, write letters, and schedule programs to run, all for $20.

    Still can't do that with Linux for 10x the price. There's simply no business case for companies to invest resources to develop programs for Linux given it has no market share. You're free to invest your time and money in doing so, but Linux on the desktop is the definition of an unviable niche market. You can't even give it away to most people.

    --
    SoylentNews is social media. Says so right in the slogan. Soylentnews is people, not tech.