
Microsoft says Windows Defender saved half a million PCs from crypto-mining malware


According to Microsoft, Windows 10's built-in antivirus software, Windows Defender, protected against a malware epidemic that struck almost 500,000 PCs this week.

Just before midday on March 6, Windows Defender blocked 80,000 suspected attacks by a new group of trojans. They had never been seen before and weren't yet in Microsoft's threat database, but were identified based on their behaviour, which matched patterns commonly seen in malware. Within the next 12 hours, Defender recorded and thwarted another 400,000 instances.

The trojans were new variants of Dofoil (also known as Smoke Loader) – a type of malware that installs other software on the victim's device. Dofoil has been menacing PC users in various forms since 2011, but the payload keeps changing to keep up with the times. This time, it was a cryptocurrency mining program that would hijack the host's hardware.

How Dofoil spreads

According to McAfee, Dofoil trojans usually arrive in email attachments – often embedded as macros in Microsoft Word documents. There are other routes though; in January, criminals targeted users in Germany looking for a patch for the Spectre and Meltdown bugs by creating a fake information page that appeared to be hosted by the German Federal Office for Information Security. The site appeared to offer a download link for the latest patch, but actually installed a variant of Dofoil.

Antivirus is essential and there are browser extensions that block webpages from loading cryptocurrency mining software, but the best way to protect yourself is caution – don't open attachments in unexpected emails and always check URLs before clicking.

The sheer scale of this attack makes it unusual, but Windows Defender isn't the only antivirus software to use behavioral analysis (also known as zero-hour protection) – it's something you'll find in all the security suites in our roundup of the best antivirus software.



from TechRadar - Software news http://ift.tt/2FEsH2c

via Blogger http://ift.tt/2Ga5TW2
March 09, 2018 at 10:09PM
