Microsoft Stops Malware Campaign That Tried to Infect 400,000 Users in 12 Hours

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.

The Redmond-based OS maker attributes the detections to computers infected with the Dofoil malware —also known as Smoke Loader— a popular malware downloader.

Three-quarters of infection attempts detected in Russia

"Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods," said Mark Simos, Lead Cybersecurity Architect at Microsoft.

"Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters," Simos added.

Microsoft credits the immediate discovery of this trojan to its behavior-based and cloud-powered machine learning models included with Windows Defender.

Simos claims that its machine learning models picked up the new malware within milliseconds, classified the threat as malicious within seconds, and was actively blocking it within minutes.
...
...
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top