Jump to content

Microsoft says Windows Defender saved half a million PCs from crypto-mining malware


Recommended Posts

According to Microsoft, Windows 10's built-in antivirus software, Windows Defender, protected a malware epidemic that struck almost 500,000 PCs this week.

Just before midday on March 6, Windows Defender blocked 80,000 suspected attacks by a new group of trojans. They had never been seen before and weren't yet in Microsoft's threat database, but were identified based on their behaviour, which matched patterns commonly seen in malware. Within the next 12 hours, Defender recorded and thwarted another 400,000 instances.

The trojans were new variants of Dofoil (also known as Smoke Loader) – a type of malware that installs other software on the victim's device. Dofoil has been menacing PC users in various forms since 2011, but the payload keeps changing to keep with the times. This time, it was a cryptocurrency mining program that would hijack the host's hardware.

How Dofoil spreads

According to McAfee, Dofoil trojans usually arrive in email attachments – often embedded as macros in Microsoft Word documents. There are other routes though; in January, criminals targeted users in Germany looking for a patch for the Spectre and Meltdown bugs by creating a fake information page that appeared to be hosted by the German Federal Office for Information Security. The site appeared to offer a download link for the latest patch, but actually installed a variant of Dofoil.

Antivirus is essential and there are browser extensions that block webpages from loading cryptocurrency mining software, but the best way to protect yourself is caution – don't open attachments in unexpected emails and always check URLs before clicking.

The sheer scale of this attack makes it unusual, but Windows Defender isn't the only antivirus software to use behavioral analysis (also known as zero-hour protection) – it's something you'll find in all the security suites in our roundup of the best antivirus software.

http://feeds.feedburner.com/~r/techradar/software-news/~4/fD-IeiK1_Qk
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...