
Malware spotlight: Nodersok

Introduction

The zombie movie film genre has long been a favorite among horror film fanatics, as shown by the ever-growing number of films that portray an undead apocalypse. Each of these zombie franchises features a different way of causing zombification. 

As life sometimes imitates art, this concept extends to the world of malware. An emerging new malware, analogous to a new zombie franchise, is Nodersok. This newly-discovered malware can turn PCs into zombies with a method never seen before and should be considered a new type of malware altogether. 

This article will detail the Nodersok malware. We’ll explore what Nodersok is, what makes it so dangerous, how it works, who uses Nodersok (and how) and how it can be stopped in its tracks.

What is Nodersok?

Nodersok is both a piece of malware and an attack campaign, with an unknown author and origin. The malware was discovered independently by Microsoft and Cisco Talos, who refer to it as Nodersok and Divergent respectively.

This malware has been seen to take advantage of preexisting tools and to use a multi-stage, fileless strategy in its attack campaign. These legitimate tools are known as living-off-the-land binaries, or LOLBins, and they already exist on computers. The effect is similar to an abuse-of-system-feature attack, where attackers take advantage of the inherent characteristics of systems. If jujitsu or judo comes to mind when thinking of this, you’re on the right track.

What makes Nodersok so dangerous?

There are a couple of reasons why Nodersok should be taken seriously — both of which help it fly under the radar and avoid detection. First, as mentioned earlier, the tools that Nodersok brings to the cyberattack are relatively mundane and 100% legitimate. These tools are:

  1. Node.exe: This is an implementation of Node for Windows.
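The defensive counterpart to the LOLBin pattern described above is baselining: a legitimate binary such as node.exe is only suspicious when it runs where, or is launched by whom, a normal install would not. The script below is an added illustration, not code from the original post or from Microsoft or Cisco Talos. It triages a handful of constructed process-creation events (a simplified key=value form, not real Sysmon or EDR output) against an assumed baseline: the expected install directory for node.exe and a set of script-host parents that would not normally launch it. All paths, user names and the baseline itself are assumptions made for this example.

```python
import re
from typing import Dict, List

# Constructed sample process-creation events (simplified key=value form,
# not real log output). Paths, parents and users are illustrative only.
SAMPLE_EVENTS = [
    'Image="C:\\Program Files\\nodejs\\node.exe" ParentImage="C:\\Windows\\explorer.exe" User="CORP\\alice"',
    'Image="C:\\Users\\alice\\AppData\\Local\\Temp\\node.exe" ParentImage="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" User="CORP\\alice"',
    'Image="C:\\Program Files\\nodejs\\node.exe" ParentImage="C:\\Windows\\System32\\wscript.exe" User="CORP\\bob"',
    'Image="C:\\Windows\\System32\\notepad.exe" ParentImage="C:\\Windows\\explorer.exe" User="CORP\\bob"',
]

# Assumed baseline (hypothetical for this example): the directory an
# administrator expects node.exe to live in, and the script hosts that
# would not normally be its parent on a developer workstation.
EXPECTED_DIRS = {"c:\\program files\\nodejs"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> Dict[str, str]:
    """Split one key="value" event line into a dict of fields."""
    return {key: value for key, value in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    """Lower-cased file name component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def dirname(path: str) -> str:
    """Lower-cased directory component of a Windows path."""
    return path.rsplit("\\", 1)[0].lower()


def triage(event: Dict[str, str]) -> List[str]:
    """Return the reasons an event deviates from the node.exe baseline.

    An empty list means the event matches the baseline; only node.exe
    executions are examined, everything else passes through untouched.
    """
    reasons: List[str] = []
    image = event.get("Image", "")
    parent = event.get("ParentImage", "")
    if basename(image) != "node.exe":
        return reasons
    if dirname(image) not in EXPECTED_DIRS:
        reasons.append(f"node.exe running from unexpected directory: {dirname(image)}")
    if basename(parent) in SCRIPT_HOSTS:
        reasons.append(f"node.exe launched by script host: {basename(parent)}")
    return reasons


def triage_all(lines: List[str]) -> Dict[int, List[str]]:
    """Map each flagged event index to its list of reasons."""
    findings: Dict[int, List[str]] = {}
    for index, line in enumerate(lines):
        reasons = triage(parse_event(line))
        if reasons:
            findings[index] = reasons
    return findings


if __name__ == "__main__":
    for index, reasons in triage_all(SAMPLE_EVENTS).items():
        print(f"event {index}: " + "; ".join(reasons))
```

Run as-is, the script flags the second and third sample events (node.exe in a temp directory under PowerShell, and the legitimate install path launched by wscript.exe) and passes the first and fourth. The point is the shape of the check rather than the specific lists: because a LOLBin is by definition legitimate, a detection has to key on context (path, parent, user, timing) instead of on the binary itself, and the baseline sets in this example are exactly the kind of thing an organization would tune to its own environment.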

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Graeme Messina. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/hp7cC0f5pDQ/