Microsoft revealed today that Windows Defender stopped a massive malware distribution campaign that attempted to infect over 400,000 users with a cryptocurrency miner during a 12-hour period on March 6, 2018.
The Redmond-based OS maker attributes the detections to the Dofoil malware, also known as Smoke Loader, a popular malware downloader that in this campaign delivered a cryptocurrency-mining payload.
Three-quarters of infection attempts detected in Russia
“Just before noon on March 6 (PST), Windows Defender AV blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods,” said Mark Simos, Lead Cybersecurity Architect at Microsoft.
“Within the next 12 hours, more than 400,000 instances were recorded, 73% of which were in Russia. Turkey accounted for 18% and Ukraine 4% of the global encounters,” Simos added.
Microsoft credits the immediate discovery of this trojan to its behavior-based and cloud-powered machine learning models included with Windows Defender.
Simos claims that Microsoft's machine learning models picked up the new malware within milliseconds, classified the threat as malicious within seconds, and were actively blocking it within minutes.
“People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer,” Simos said.
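For defenders who want to check whether their own machines recorded blocks under those names, the following is an added PowerShell example; it is not code from the article or from Microsoft. It assumes a Windows host with Windows Defender Antivirus and its Defender PowerShell module (Get-MpThreat and Get-MpThreatDetection), run from an elevated prompt. The list of names is taken from Simos's statement above; the date window and output layout are the example's own choices.

```powershell
# Added example (not from the article or Microsoft): list Windows Defender
# detections on this host whose threat name matches one of the names the
# article says were used for this campaign. Assumes the Defender PowerShell
# module is available (Windows 10 / Windows Server with Windows Defender AV)
# and that the shell is elevated.

# Names from the article: early machine-learning names, then the family names.
$campaignNames = @('Fuery', 'Fuerboos', 'Cloxer', 'Azden', 'Dofoil', 'CoinMiner')

# Get-MpThreat carries the human-readable ThreatName; Get-MpThreatDetection
# carries the per-event detail (time, process, resources) keyed by ThreatID,
# so the two are joined on ThreatID.
$threatsById = @{}
foreach ($t in Get-MpThreat) { $threatsById[$t.ThreatID] = $t }

# -match is a case-insensitive regex by default; names such as
# "Trojan:Win32/Dofoil.AB" or "Trojan:Win32/Fuery.A!cl" will match.
$pattern = ($campaignNames -join '|')

$hits = Get-MpThreatDetection | ForEach-Object {
    $threat = $threatsById[$_.ThreatID]
    if ($threat -and $threat.ThreatName -match $pattern) {
        [pscustomobject]@{
            Detected   = $_.InitialDetectionTime
            ThreatName = $threat.ThreatName
            Process    = $_.ProcessName
            Resources  = ($_.Resources -join '; ')
            ActionOK   = $_.ActionSuccess
        }
    }
}

$hits | Sort-Object Detected | Format-Table -AutoSize

# Optional narrowing to the window the article describes (March 6, 2018, PST).
# InitialDetectionTime is reported in the host's local time, so adjust the
# boundary if the host is not in the Pacific time zone.
$windowStart = Get-Date '2018-03-06'
$inWindow = $hits | Where-Object { $_.Detected -ge $windowStart }
"$(@($inWindow).Count) campaign-related detection(s) on or after $windowStart"
```

Run it on each host of interest (or wrap it in Invoke-Command for remote hosts). A non-empty result with ActionOK set to False is the case worth escalating: the detection fired but the remediation did not complete.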
Full Article Source: BleepingComputer