TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Behavior monitoring & Machine Learning capabilities behind Windows Defender successful Dofoil diffuse

Microsoft’s homegrown security antivirus Windows Defender recently prevented a major coin mining malware epidemic, Dofoil. It successfully blocked more than 80,000 instances of several sophisticated trojans that exhibited advanced cross-process injection techniques, persistence mechanisms, and evasion methods. Windows Defender successful strike was possible thanks to its Behaviour monitoring and cloud-powered machine learning capabilities.

Windows Defender

As soon as the Dofoil unusual persistence mechanism was spotted through Behavior monitoring, immediate signals were transferred to cloud protection service, says Microsoft. Following describes the sequence of actions that happened in the background,

  1. At the first detection of unusual activities, within milliseconds, multiple metadata-based machine learning models in the cloud started blocking the threats
  2. Seconds later, Microsoft’s sample-based and detonation-based machine learning models also verified the malicious classification. Within minutes, detonation-based models chimed in and added additional confirmation
  3. Within minutes, an anomaly detection alert notified about a new potential outbreak
  4. After analysis, Microsoft’s response team updated the classification name of this new surge of threats to the proper malware families. People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer

As per Microsoft, Windows 10, Windows 8.1, and Windows 7 users who are running Windows Defender AV or Microsoft Security Essentials are all protected from this latest outbreak.

Windows 10 is the most protected OS among all

With cryptocurrencies find more acceptance in the market, there would be more coin mining malware attacks in the future. Hence, to protect your PC hardware being utilized in mining cryptocurrencies by the attackers, it is imperative that you use the best-guarded Windows OS.

Microsoft’s Windows 10 is well guarded by Windows Defender with timely security updates and live cloud protection. It has a layered approach to security, which uses behavior-based detection algorithms, generics, and heuristics, as well as machine learning models in both the client and the cloud, to provide real-time protection against new threats and outbreaks.

Windows Defender Advanced Threat Protection (Windows Defender ATP) flags malicious behaviors related to installation, code injection, persistence mechanisms, and coin mining activities. It also integrates protections from Windows Defender AV, Windows Defender Exploit Guard, and Windows Defender Application Guard, providing a seamless security management experience.

Updated on Tags:

AnkitGupta@TWCN

Ankit Gupta is a writer by profession and has more than 7 years of global writing experience on technology and other areas. He follows technological developments and likes to write about Windows & IT security. He has a deep liking for wild life and has written a book on Top Tiger Parks of India.

Share via
Facebook
X (Twitter)
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap