Saturday, 10 March 2018

Microsoft Windows Defender manages to ward off massive currency miner attack





Microsoft just pulled off a Superman. The company's Windows Defender stopped a large-scale malware distribution campaign that tried to infect almost 500,000 Windows PCs with a cryptocurrency miner.
Microsoft reveals in its blog that the Windows Defender antivirus software detected over 80,000 instances of Trojans with the payload known as Dofoil, or Smoke Loader. Over the next 12 hours, Defender picked up over 400,000 more encounters with the Trojan, which were mainly centred in Russia, although some instances were also picked up in Turkey and Ukraine. Dofoil uses a technique known as ‘process hollowing’ on the legitimate explorer.exe binary. The technique creates a new instance of the legitimate program but swaps out its code with malware.