Microsoft Researchers and Cisco Talos Detected a Malware Called Nodersok
30 September, 2019

Cybercriminals have various reasons for infecting a computer with malware, and most of the time the attack is carried out to steal information. Malware takes control of vulnerable computers to assist the perpetrators in their criminal activities, and the device becomes a bot under the attacker's control. Recently, a new fileless malware called Nodersok was discovered by Cisco Talos and Microsoft; it can take control of a computer and set up a proxy service that makes the criminal controllers hard to trace. A proxy network scattered around the globe can make an attack appear to originate from any location the attacker chooses.

Nodersok makes use of legitimate software to achieve its goal. One such component is WinDivert, a powerful packet-capture and manipulation tool that is mostly used in VPN, firewall, and content-filtering applications. Another is Node.exe, part of the Node.js environment, which frees JavaScript applications from the constraints of a web browser and is here used to execute the attack. Nodersok's activity is hard to detect because it relies on non-malicious code, so signature-based detection becomes irrelevant in this case, and even advanced products that rely on heuristics and machine learning are known to struggle against such attacks. Microsoft researchers identified its behavior patterns, which came as a relief to online advertisers, because the main purpose of Nodersok is to facilitate click fraud.