Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Detects Massive Dofoil Attack - SANS Internet Storm Center SANS ISC InfoSec Forums

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Detects Massive Dofoil Attack
Quoting SecurityWeek:

Mid-day Tuesday (PST), Microsoft's Windows Defender blocked more than 80,000 instances of several new variants of the Dofoil (aka Smoke Loader) downloader. The signatureless machine learning capabilities of Defender detected anomalous behavior, and within minutes had protected Windows 10, 8.1 and 7 users from the outbreak. 


Sign Up for Free or Log In to start participating in the conversation!