Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours

Faybert

Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.

The Redmond-based OS maker attributes the detections to computers infected with the Dofoil malware —also known as Smoke Loader— a popular malware downloader.

Three-quarters of infection attempts detected in Russia

"Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods," said Mark Simos, Lead Cybersecurity Architect at Microsoft.

"Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters," Simos added.

Microsoft credits the immediate discovery of this trojan to its behavior-based and cloud-powered machine learning models included with Windows Defender.

Simos claims that its machine learning models picked up the new malware within milliseconds, classified the threat as malicious within seconds, and were actively blocking it within minutes.
...
...
...