

Microsoft has shown an impressive display of strength this week, as its Windows Defender prevented a massive malware outbreak: an attack on nearly 500,000 systems within a span of a few hours. The malware spread earlier this week but was checked by Windows Defender and Microsoft Security Essentials.

About the Malware:

The malware is coin-mining software that acts as a Trojan and had the potential to affect up to 500,000 computers within a twelve-hour period. It is so dangerous because people are easily drawn to the monetary benefits promised on the internet, especially since the rise in popularity of the Bitcoin cryptocurrency. However, most of these so-called “benefits” prove to be a bane rather than a boon, and that lure gave the malware a greater chance of succeeding in its attempted attack.

The Attack and the Corresponding Stoppage of the Outbreak:

Microsoft identified the Trojans as variants of the Dofoil (also known as Smoke Loader) family, attempting to deliver a payload of cryptocurrency coin-mining components. Almost 73% of the attack was reported in Russia; Ukraine and Turkey also showed significant exposure.
What prevented any significant damage was the set of machine learning models developed by the company. These were metadata-based models running in the cloud, which can block such threats at first sight, within milliseconds of Windows Defender flagging them.
Next in line were the sample-based and detonation-based machine learning models, whose job was to verify and categorise the malware variety; the detonation-based model then added further information. Soon afterwards, Microsoft was notified of a potential outbreak by an anomaly detection alert that had been triggered.
Affected users would have seen blocks under generic machine learning detection names such as Fuery, Fuerboos, Cloxer or Azden. After analysis, Microsoft's response team classified the threats under their correct categories and malware families, and the blocks were later identified under specific family names such as Dofoil or Coinminer.
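The layered flow described above (first-sight blocks under generic detection names, an anomaly alert when block volume spikes, then reclassification by family) can be sketched as a small defender-side pipeline. The code below is an added illustration, not Microsoft's detection system or code from this article: the telemetry records, the function names, the 30-minute baseline and the thresholds are all constructed assumptions, and the generic detection names are used only as labels.

```python
"""Outbreak-style anomaly alert over constructed block telemetry (added example)."""
from collections import Counter
from statistics import mean, pstdev

# Assumed generic ML detection names, as mentioned in the article (labels only).
GENERIC_NAMES = ["Fuery", "Fuerboos", "Cloxer", "Azden"]


def build_sample_events():
    """Return constructed telemetry records: (minute, detection_name, host_id).

    Minutes 0-29 carry a quiet baseline of two blocks per minute; minutes 30-34
    carry a constructed surge of 300 blocks per minute from distinct hosts.
    None of this is real data.
    """
    events = []
    for minute in range(30):
        for i in range(2):
            events.append((minute, "Fuery", f"host-base-{minute}-{i}"))
    for minute in range(30, 35):
        for i in range(300):
            name = GENERIC_NAMES[i % len(GENERIC_NAMES)]
            events.append((minute, name, f"host-surge-{minute}-{i}"))
    return events


def blocks_per_minute(events):
    """Collapse raw block events into a per-minute count series (zero-filled)."""
    counts = Counter(minute for minute, _, _ in events)
    last_minute = max(counts)
    return [counts.get(m, 0) for m in range(last_minute + 1)]


def outbreak_alerts(series, baseline_minutes=30, z=3.0, min_abs=50):
    """Return the minutes whose block count is anomalous against the baseline.

    The threshold is mean + z * stddev of the baseline window, floored at
    min_abs so that a near-constant baseline (stddev close to zero) does not
    raise alerts on ordinary noise. Both parameters are assumed values.
    """
    baseline = series[:baseline_minutes]
    mu, sigma = mean(baseline), pstdev(baseline)
    threshold = max(mu + z * sigma, min_abs)
    return [m for m in range(baseline_minutes, len(series)) if series[m] > threshold]


def detections_in_window(events, minutes):
    """Count blocks by generic detection name inside the alerted minutes.

    This is the summary a response team would triage before mapping the
    generic names to a malware family.
    """
    window = set(minutes)
    return Counter(name for minute, name, _ in events if minute in window)


if __name__ == "__main__":
    sample = build_sample_events()
    series = blocks_per_minute(sample)
    alerts = outbreak_alerts(series)
    print("alerted minutes:", alerts)
    print("blocks by detection name in window:", dict(detections_in_window(sample, alerts)))
```

With the constructed data the baseline is a flat two blocks per minute, so the floor of 50 decides the threshold and every surge minute (30 to 34) is reported; the per-name counts in that window are what an analyst would then resolve to a family name.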
Hence, one can safely conclude that the attack was comparable to the large “WannaCry” outbreak of 2017. The prevention was a classic demonstration of Microsoft's powerful monitoring system, coupled with Windows Defender Advanced Threat Protection (ATP). The multi-billion dollar company has also stated that users of Windows 7, 8.1 and 10 were safe owing to the presence of Microsoft Security Essentials and Windows Defender (ATP).
- Soumya Ranjan Mukherjee