Windows Defender protects against a massive Dofoil attack
Windows 10 is protected against a new Dofoil attack
A huge Dofoil coin-mining campaign has been successfully neutralized by Windows Defender, according to a blog post from Microsoft. More than 400,000 attacks were registered within 12 hours, coming from Russia, Turkey and Ukraine, but thanks to behavior-based signals and machine-learning techniques, Windows Defender blocked these threats at first sight. We learn that Windows 10, 8.1 and 7 users running Windows Defender AV are fully protected against these attacks.
1. Within milliseconds, multiple metadata-based machine learning models in the cloud started blocking these threats at first sight.
2. Seconds later, our sample-based and detonation-based machine learning models also verified the malicious classification. Within minutes, detonation-based models chimed in and added additional confirmation.
3. Within minutes, an anomaly detection alert notified us about a new potential outbreak.
4. After analysis, our response team updated the classification name of this new surge of threats to the proper malware families. People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer. [source]
This is great news for Windows Defender and Microsoft, who are working seriously on making the Windows OS more secure and reliable. Dofoil is one of the latest malware families to use coin-miner components. The reason is simple: attackers want to add coin-mining scripts to scam websites so they can use your processing power for coin mining.