Windows Defender stopped a large-scale attack by the DeFoil trojan
Many users still underestimate the importance of having an anti-virus program to fight unwanted software on their computers, and they disable even a standard component such as Windows Defender. That is a mistake.
News has appeared online that it was Windows Defender that stopped a large-scale attack by the DeFoil trojan. Microsoft representatives reported this on the company's blog.
Experts say that 73% of the detected attack attempts were in Russia, 18% in Turkey and another 4% in Ukraine. The company reported that it blocked more than 80,000 DeFoil infection attempts and, over the following 12 hours, detected 400,000 more. However, it is unknown whether all of those were blocked.
According to the company's experts, the mass infection relied on injecting program code into explorer.exe, one of the processes that Windows launches by default. That process started another one, which in turn was responsible for running code that mines the Electroneum digital currency. An ordinary user could hardly have noticed this “hole”: the trojan was injected into a legitimate process, and the system did not block its access. Such an approach would have allowed the attackers to use the victims' computing capacity for months.
In addition to replacing explorer.exe, DeFoil made changes to the system registry: it created a copy of itself in the Roaming AppData directory, which was then renamed ditereah.exe. As a result, a new registry key was created or an existing one was modified.
Microsoft noted that users who had not switched off Windows Defender on Windows 7, 8.1 and 10 systems were reliably protected from the attackers' tricks.
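A defender-side check for the persistence described above, as an added example that is not from the original article or from Microsoft: it flags autostart registry values whose executable resolves into the Roaming AppData directory. The article does not name the registry key, so the Run key, the value names and the sample entries below are constructed assumptions.

```python
import ntpath
import re

RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"  # assumed autostart key

# Constructed sample autostart values (key, value name, command); not from the article.
SAMPLE_AUTORUNS = [
    (RUN, "ExampleApp", r'"C:\Program Files\ExampleApp\app.exe" /background'),
    (RUN, "Updater", r"%APPDATA%\ditereah.exe"),
    (RUN, "Sync", r"C:\Users\alice\AppData\Roaming\..\Local\Sync\sync.exe -q"),
    (RUN, "Tray", r"%windir%\system32\tray.exe"),
]
# Constructed environment of the user profile being inspected.
SAMPLE_ENV = {"APPDATA": r"C:\Users\alice\AppData\Roaming", "WINDIR": r"C:\Windows"}


def expand_vars(text, env):
    """Expand %NAME% case-insensitively; unknown variables are left untouched."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), text)


def executable_of(command, env):
    """Extract the normalised executable path from an autostart command line."""
    command = expand_vars(command.strip(), env)
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]       # quoted path, arguments follow
    else:
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.normpath(path)                  # collapses "..\" segments


def is_under(path, directory):
    """True if path lies inside directory (case-insensitive, Windows semantics)."""
    directory = ntpath.normcase(ntpath.normpath(directory))
    return ntpath.normcase(path).startswith(directory + "\\")


def suspicious_autoruns(entries, env):
    """Return (key, value name, exe) for values that start an .exe from Roaming AppData."""
    hits = []
    for key, name, command in entries:
        exe = executable_of(command, env)
        if exe.lower().endswith(".exe") and is_under(exe, env["APPDATA"]):
            hits.append((key, name, exe))
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_AUTORUNS, SAMPLE_ENV):
        print(hit)
```

Some legitimate software also starts from Roaming AppData, so a hit is a lead for triage rather than a verdict.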