Nodersok Malware Guide

Nodersok is a new piece of malware that goes unnoticed by antivirus programs and has already infected thousands of computers worldwide, mainly in Europe and the United States. The consequences could be significant, so it's best to prepare. We'll fill you in!

What is Nodersok

Nodersok is fileless malware that attacks Windows computers. It was discovered by the Microsoft Defender ATP Research Team this year, and it is very difficult to track because it uses living-off-the-land binaries (LOLBins). It has already been used in several attacks against individuals, governments, and companies, among others. So far, most of the attacks have been concentrated in Europe and the United States.

How Nodersok Works

Nodersok stands out because it manipulates functions from the PC's own operating system, or tools from third parties, to sneak in while deactivating the antivirus' firewall.

This virus reaches computers via online advertising. It uses the Node.js framework, which runs JavaScript outside of internet browsers, and WinDivert, an open-source tool that allows packet capture and diversion on Windows 2008, 7, 10, and 2016.

How it Spreads

Once it infects a computer, the virus starts browsing pages with the aim of generating revenue through fake clicks on online advertising. At the same time, it uses proxy servers to continue spreading to other PCs.

How to Protect Your PC From Nodersok

Nodersok has attacked many personal computers, so we advise you to be alert. Microsoft recommends that you avoid running HTA files (HTML applications: apps built from HTML and CSS pages that behave much like .exe files). Also, do not save your download history. Most importantly, keep your antivirus updated to receive patches that will keep you safe.
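To act on the advice above, the following added example (not code from CCM or Microsoft) walks a folder such as a user profile and lists HTA files plus copies of the Node.js and WinDivert components mentioned earlier. It assumes those components keep the standard file names shipped by their projects; the sample folder layout is constructed.

```python
import os
import sys
import tempfile

# Assumption: standard file names shipped by the Node.js and WinDivert projects.
COMPONENT_NAMES = {
    "node.exe": "Node.js runtime",
    "windivert.dll": "WinDivert library",
    "windivert32.sys": "WinDivert driver",
    "windivert64.sys": "WinDivert driver",
}


def triage(root):
    """Walk `root`; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()  # Windows file names are case-insensitive
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            if lower.endswith(".hta"):
                findings.append((rel, "HTA file (HTML application)"))
            elif lower in COMPONENT_NAMES:
                reason = COMPONENT_NAMES[lower] + " outside a normal install path"
                findings.append((rel, reason))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: empty files laid out like a user profile."""
    for rel in ("Downloads/update.HTA", "Downloads/report.pdf",
                "AppData/Local/tmp1/node.exe",
                "AppData/Local/tmp1/WinDivert64.sys",
                "Documents/notes.txt"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:          # scan a real folder given on the command line
        results = triage(sys.argv[1])
    else:                          # otherwise demonstrate on the constructed tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_tree(tmp)
            results = triage(tmp)
    for rel, reason in results:
        print(f"{rel}: {reason}")
```

A finding is a prompt to look closer, not proof of infection: developers legitimately install Node.js, so what matters is where the file sits and whether anyone remembers putting it there.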

This document, titled « Nodersok Malware Guide », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (