
Microsoft and Cisco Talos Discover Malware that Turns PCs into 'Zombie Proxies'

Microsoft and Cisco’s Talos researchers have found that the malware gets users to download an HTML application through malicious ads, triggering an elaborate hacking process.

Trending Desk

Updated: September 30, 2019, 5:01 PM IST

Microsoft and Cisco’s Talos researchers have both released reports this week that outline a cyber-threat in which a newly discovered strain of malware transforms PCs into what Microsoft ominously calls “zombie proxies”. It uses otherwise legitimate programs, and the company has claimed it has infected thousands of computers across the US and Europe. According to a report, the companies call the malware Nodersok and “Divergent” respectively.

The malware campaigns get users to download and run an HTML application (HTA), most likely distributed through malicious ads. This triggers an elaborate hacking process that leaves few traces because it leverages existing programs or downloads legitimate tools like NodeJS, an app that executes JavaScript outside of a web browser, and WinDivert, an app used to capture and divert network packets.

According to a Microsoft blog post, all of the relevant functionality resides in scripts and shellcode that almost always arrive encrypted. These are then decrypted and run only in memory. No malicious executable is ever written to disk, which is why cybersecurity experts call attacks that use these methods “fileless” campaigns. The blog further explains that the malware disables Windows Defender, which explains how it has avoided tripping the anti-virus software for so long, and takes control of a PC. Nodersok can then turn the PC into a zombie-like proxy machine which can be used to launch other cyberattacks and even give hackers access to command and control servers. Microsoft states that the campaign has infected thousands of machines, with most attacks conducted this month and targeted at consumers.
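Because the campaign described above relies on an HTA, NodeJS and WinDivert, each of which is legitimate on its own, a defender gets more from seeing them together on one machine than from any single event. The following Python is an added example, not code from the article, Microsoft or Cisco Talos: it correlates three weak signals per host over constructed events. The event fields, signal names, sample paths and the NodeJS default install directory are assumptions.

```python
import ntpath
from collections import defaultdict

# Assumption: default NodeJS install directory on Windows.
NODE_INSTALL_DIR = r"c:\program files\nodejs"

# Constructed events (not real telemetry): process starts and module/driver loads.
SAMPLE_EVENTS = [
    {"host": "pc-01", "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"host": "pc-01", "parent": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "image": r"C:\Users\user1\AppData\Roaming\example\node.exe"},
    {"host": "pc-01", "parent": r"C:\Users\user1\AppData\Roaming\example\node.exe",
     "image": r"C:\Users\user1\AppData\Roaming\example\WinDivert64.sys"},
    {"host": "pc-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\nodejs\node.exe"},
    {"host": "pc-02", "parent": r"C:\Tools\capture\capture.exe",
     "image": r"C:\Tools\capture\WinDivert.dll"},
    {"host": "pc-03", "parent": r"C:\Windows\System32\mshta.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
]

def signals_for(event):
    """Return the set of weak signals a single event raises."""
    found = set()
    parent = ntpath.basename(event["parent"]).lower()
    image = event["image"].lower()
    name = ntpath.basename(image)
    if parent == "mshta.exe":                 # an HTA launched another program
        found.add("hta_spawn")
    if name == "node.exe" and ntpath.dirname(image) != NODE_INSTALL_DIR:
        found.add("node_outside_install_dir")  # NodeJS running from an unusual path
    if name.startswith("windivert"):          # WinDivert DLL or driver seen
        found.add("windivert_component")
    return found

def score_hosts(events):
    """Map each host to the distinct signals seen across its events."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= signals_for(ev)
    return dict(per_host)

def flag_hosts(events, threshold=3):
    """Hosts showing at least `threshold` distinct signals."""
    return sorted(h for h, s in score_hosts(events).items() if len(s) >= threshold)

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```

In the sample data only pc-01 shows all three signals; pc-02 (a legitimate NodeJS install plus a WinDivert-based tool) and pc-03 (an HTA on its own) each raise one and stay below the threshold.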


| Edited by: Chhavianshika Singh