
Windows Defender halted 'massive' malware campaign this week, Microsoft says


Windows Defender helped to prevent a "massive" coin-mining malware outbreak from spreading earlier this week. According to Microsoft, the campaign attempted to infect nearly 500,000 computers over a 12-hour period, beginning just before noon on March 6.

The trojans, identified by Microsoft as variants of Dofoil (also known as Smoke Loader), attempted to deliver a payload of cryptocurrency coin-mining components. The majority of attacks, 73 percent, were detected in Russia, but significant activity was also detected in Turkey and Ukraine.

According to Microsoft, its cloud-based machine learning models began blocking the threats within milliseconds of Windows Defender first flagging them:

  • Within milliseconds, multiple metadata-based machine learning models in the cloud started blocking these threats at first sight.
  • Seconds later, our sample-based and detonation-based machine learning models also verified the malicious classification. Within minutes, detonation-based models chimed in and added additional confirmation.
  • Within minutes, an anomaly detection alert notified us about a new potential outbreak.
  • After analysis, our response team updated the classification name of this new surge of threats to the proper malware families. People affected by these infection attempts early in the campaign would have seen blocks under machine learning names like Fuery, Fuerboos, Cloxer, or Azden. Later blocks show as the proper family names, Dofoil or Coinminer.
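The "anomaly detection alert" step in Microsoft's list is the part of the pipeline a defender can most easily reproduce on their own telemetry: count detections per time window, keep a rolling baseline of normal volume, and raise an alert when a window exceeds it by a wide margin. The script below is an added illustration of that idea, not Microsoft's code or the Windows Defender ATP implementation; the event records, field names, times and thresholds are constructed for the example (the country split is deliberately built to match the 73 percent Russia share reported above).

```python
"""Added example: rolling-baseline surge detection over endpoint detection
telemetry. Constructed data and thresholds; not Microsoft's telemetry format
or Windows Defender ATP's algorithm."""
from collections import Counter
from datetime import datetime, timedelta
from statistics import mean, pstdev


def build_sample_events():
    """Constructed telemetry: (UTC timestamp, detection name, country).

    25 minutes of background noise (2 generic-ML detections per minute),
    then a surge of 300 detections per minute starting at 11:55, split
    73% RU / 15% TR / 12% UA to mirror the reported distribution.
    """
    events = []
    base = datetime(2018, 3, 6, 11, 30)
    for m in range(25):
        for i in range(2):
            events.append((base + timedelta(minutes=m, seconds=i * 20), "Fuery", "US"))
    surge_start = datetime(2018, 3, 6, 11, 55)
    for m in range(5):
        for i in range(300):
            slot = i % 100
            country = "RU" if slot < 73 else ("TR" if slot < 88 else "UA")
            name = "Fuerboos" if i % 2 else "Fuery"   # early generic ML names
            events.append((surge_start + timedelta(minutes=m, seconds=i % 60), name, country))
    return events


def bucket_counts(events):
    """Count detections per one-minute window; returns sorted (window_start, count)."""
    counts = Counter(ts.replace(second=0, microsecond=0) for ts, _name, _country in events)
    return sorted(counts.items())


def surge_windows(counts, baseline_len=10, k=3.0, min_count=20):
    """Flag windows whose count exceeds mean + k*stddev of recent *normal* windows.

    Windows that are flagged are not fed back into the baseline, so a surge
    cannot raise the baseline and hide its own later windows. min_count stops
    alerts on tiny absolute numbers when the baseline is near zero, and the
    stddev floor of 1.0 avoids a zero threshold on a perfectly flat baseline.
    """
    alerts = []
    baseline = []  # counts of the most recent windows judged normal
    for start, count in counts:
        if len(baseline) >= baseline_len:
            mu, sigma = mean(baseline), pstdev(baseline)
            if count >= min_count and count > mu + k * max(sigma, 1.0):
                alerts.append((start, count, round(mu, 1)))
                continue  # do not let the surge poison the baseline
        baseline.append(count)
        if len(baseline) > baseline_len:
            baseline.pop(0)
    return alerts


def country_share(events, since):
    """Percentage of detections per country since `since`, highest first."""
    c = Counter(country for ts, _name, country in events if ts >= since)
    total = sum(c.values())
    return [(country, round(100 * n / total, 1)) for country, n in c.most_common()]


if __name__ == "__main__":
    events = build_sample_events()
    alerts = surge_windows(bucket_counts(events))
    for start, count, baseline_mean in alerts:
        print(f"{start:%H:%M} surge: {count} detections (baseline mean {baseline_mean})")
    if alerts:
        print("country share since first alert:", country_share(events, alerts[0][0]))
```

Run as-is, the script raises an alert for each of the five surge minutes and reports the RU/TR/UA split for the surge period. On real telemetry the interesting follow-up is exactly what Microsoft's list describes next: once the surge is confirmed, map the early generic detection names onto the proper family so analysts and affected users see one consistent label.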

It's unclear if this attack would have reached the scale of 2017's massive WannaCry attack, but this is an interesting example of Microsoft's work with Windows Defender Advanced Threat Protection (ATP) in action.

Microsoft says that Windows 10, Windows 8.1, and Windows 7 machines running Windows Defender or Microsoft Security Essentials are protected from the outbreak.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

5 Comments
  • Not bad at all, I really hope they shore up Windows Defender and Security Essentials much more. After all, these are the only security programmes some people use, thinking they would be enough. But given the complex nature of some zero-day exploits, you do need a robust solution that does have some sort of threat prevention built in locally. This is a clear case of teamwork and resources. These teams need a lot more resources.
  • It is more than enough. I work in IT and I haven't seen a legitimate virus in years. We don't run anything more than Defender and I work with some extremely tech-illiterate people. Viruses mostly affect people torrenting garbage. The worst thing I have seen in years is a website that blocks people from closing their browser. AV software is a huge waste of money. Granted, we have a firewall appliance that filters stuff, but it has also never detected a virus to block. This is on over 500 client Windows PCs.
  • Windows Defender team: Keep up the good work!
  • It plays out like a chase scene in a movie
  • ... wrong window, sorry. Can't delete post...