Nodersok, a new malware that's undetectable by most antivirus programs

Nodersok is a new piece of malware that goes unnoticed by antivirus programs and has already infected thousands of computers worldwide, mainly in Europe and the United States. The consequences could be significant, so it's best to be prepared. We'll fill you in!

What is Nodersok

Nodersok is fileless malware that attacks Windows computers. It was discovered by the Microsoft Defender ATP Research Team this year and is very difficult to track because it uses living-off-the-land binaries (LOLBins). It has already carried out several attacks against individuals, governments, and companies, among others. So far, most of the attacks have been concentrated in Europe and the United States.

How Nodersok works and spreads

Nodersok stands out because it manipulates functions from the PC's own operating system, or tools from third parties, to sneak in while deactivating the antivirus' firewall.

How does it work?

This virus reaches computers via online advertising and uses the Node.js framework, which runs JavaScript outside of internet browsers, and WinDivert, an open source tool that allows packet capture and diversion on Windows 2008, 7, 10, and 2016.

Once it infects a computer, the virus starts browsing pages with the aim of generating revenue through fake clicks on online advertising. At the same time, it uses proxy servers to continue spreading to other PCs.

How to protect yourself from Nodersok

Nodersok has attacked many personal computers, so we advise you to be alert. Microsoft has recommended not running HTA files (HTML applications: apps built from HTML and CSS pages that run much like .exe files). Also, do not save your download history. Most importantly, keep your antivirus updated to receive patches that will keep you safe.
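For administrators who want to check for the three components named above (HTA execution, Node.js and WinDivert), here is an added triage example; it is not code from this article or from Microsoft. The event format, field names, sample log lines and the "expected" Node.js install path are all assumptions; mshta.exe is the Windows program that runs HTA files.

```python
import json
import ntpath
from collections import defaultdict

# Constructed sample process-creation events, one JSON object per line.
# Field names (host, image, cmdline) are hypothetical, not a real log schema.
SAMPLE_LOG = r"""
{"host":"pc-01","image":"C:\\Windows\\System32\\mshta.exe","cmdline":"mshta.exe C:\\Users\\ana\\Downloads\\update.hta"}
{"host":"pc-01","image":"C:\\Users\\ana\\AppData\\Roaming\\x\\node.exe","cmdline":"node.exe app.js"}
{"host":"pc-01","image":"C:\\Users\\ana\\AppData\\Roaming\\x\\install.exe","cmdline":"install.exe C:\\Users\\ana\\AppData\\Roaming\\x\\WinDivert64.sys"}
{"host":"pc-02","image":"C:\\Program Files\\nodejs\\node.exe","cmdline":"node.exe server.js"}
{"host":"pc-03","image":"C:\\Windows\\System32\\mshta.exe","cmdline":"mshta.exe \\\\fileserver\\tools\\inventory.hta"}
"""

# Assumption: the only sanctioned Node.js install location in this environment.
EXPECTED_NODE_DIRS = ("c:\\program files\\nodejs\\",)


def indicators(event):
    """Return the set of indicator names that a single event matches."""
    image = event["image"].lower()
    cmdline = event["cmdline"].lower()
    name = ntpath.basename(image)  # parses Windows paths on any OS
    found = set()
    if name == "mshta.exe" or ".hta" in cmdline:
        found.add("hta_execution")
    if name == "node.exe" and not image.startswith(EXPECTED_NODE_DIRS):
        found.add("node_outside_expected_path")
    if "windivert" in image or "windivert" in cmdline:
        found.add("windivert_reference")
    return found


def triage(log_text):
    """Group indicators per host; hosts with the most distinct ones come first."""
    per_host = defaultdict(set)
    for line in log_text.splitlines():
        if line.strip():
            event = json.loads(line)
            per_host[event["host"]] |= indicators(event)
    flagged = [(host, sorted(found)) for host, found in per_host.items() if found]
    return sorted(flagged, key=lambda item: (-len(item[1]), item[0]))


if __name__ == "__main__":
    for host, found in triage(SAMPLE_LOG):
        print(host, len(found), ", ".join(found))
```

Each indicator on its own can be legitimate (pc-03 runs an internal HTA tool), so the ranking is a starting point for review: a host showing all three together deserves the first look.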

Image: © iStock.


Original article published by . Translated by Daniel Telele. Latest update on by Daniel Telele.

This document, titled "Nodersok, a new malware that's undetectable by most antivirus programs," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (https://ccm.net/).