Microsoft’s homegrown security antivirus Windows Defender recently prevented a major coin mining malware epidemic, Dofoil. It successfully blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Windows Defender successful strike was possible thanks to its Behaviour monitoring and cloud-powered machine learning capabilities.
As soon as the Dofoil unusual persistence mechanism was spotted through Behavior monitoring, immediate signals were transferred to cloud protection service, says Microsoft. Following describes the sequence of actions that happened in the background,
- At the first detection of unusual activities, within milliseconds, multiple metadata-based machine learning models in the cloud started blocking the threats
- Seconds later, Microsoft’s sample-based and detonation-based machine learning models also verified the malicious classification. Within minutes, detonation-based models chimed in and added additional confirmation
- Within minutes, an anomaly detection alert notified about a new potential outbreak
- After analysis, Microsoft’s response team updated the classification name of this new surge of threats to the proper malware families. People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer
As per Microsoft, Windows 10, Windows 8.1, and Windows 7 users who are running Windows Defender AV or Microsoft Security Essentials are all protected from this latest outbreak.
Windows 10 is the most protected OS among all
With cryptocurrencies find more acceptance in the market, there would be more coin mining malware attacks in the future. Hence, to protect your PC hardware being utilized in mining cryptocurrencies by the attackers, it is imperative that you use the best-guarded Windows OS.
Microsoft’s Windows 10 is well guarded by Windows Defender with timely security updates and live cloud protection. It has a layered approach to security, which uses behavior-based detection algorithms, generics, and heuristics, as well as machine learning models in both the client and the cloud, to provide real-time protection against new threats and outbreaks.
Windows Defender Advanced Threat Protection (Windows Defender ATP) flags malicious behaviors related to installation, code injection, persistence mechanisms, and coin mining activities. It also integrates protections from Windows Defender AV, Windows Defender Exploit Guard, and Windows Defender Application Guard, providing a seamless security management experience.