Microsoft, Cisco Talos Find Malware Campaign That Creates Zombie Proxies

A newly found strain of malware turns PCs into what Microsoft ominously calls “zombie proxies” using nothing except legitimate programs, and the company claims it has infected thousands of computers throughout the U.S. and Europe.

Microsoft and Cisco’s Talos researchers each published reports this week outlining this threat, which the companies call “Nodersok” and “Divergent” respectively.

The campaigns have an identical objective regardless of the name: to get users to download and run an HTML application (HTA), probably distributed by malicious advertisements. This sets off an elaborate hacking process that leaves few traces because it leverages existing programs or downloads legitimate tools such as NodeJS, an app that executes JavaScript outside of a web browser, and WinDivert, an app used to capture and divert network packets.

Later the malware disables Windows Defender, which explains how it has avoided tripping the anti-virus software for this long, and may take control of a PC. However, Microsoft and Cisco researchers are divided on its primary objective. Microsoft thinks attackers use this proxy to access other networks and “carry out stealthy malicious actions.” Cisco Talos, meanwhile, argues the malware shares several characteristics with other malware designed to conduct click-fraud, a tactic that cost advertisers an estimated $19 billion last year alone, according to news reports.

Either way, Microsoft states that the campaign has infected thousands of machines, with most attacks conducted this month and targeted at consumers. Both companies claim their anti-virus software has been updated to detect this malware strain moving forward.

These reports come just months after the National Security Agency urged users to update their Windows machines in the wake of a critical security vulnerability called BlueKeep, which Microsoft patched back in May.