Windows Defender is a free antivirus program that Microsoft bundles with its operating system. However, it is not highly regarded by security specialists or by many users. Despite this, Microsoft believes that its tool can provide a high level of security. The evidence offered for this claim is that Windows Defender recently prevented a massive attack by a virus named Dofoil.

Not so long ago, the most popular type of virus was so-called ransomware, that is, malware whose main task is to encrypt the victim's files. The cybercriminals, in turn, count on income in the form of ransom for decrypting the data. However, after the high-profile attacks caused by WannaCry, Petya and NotPetya, the public gained greater awareness of security. People already know that paying ransoms is pointless, because the criminals are not able to determine which victims the cryptocurrency came from. That's why cryptojacking attacks have gained popularity recently. They consist of creating viruses that turn victims' computers into cryptocurrency miners (most often for Monero).

Windows Defender has prevented a mass attack by the Dofoil cryptocurrency virus

Antivirus software that operates only on the basis of an up-to-date signature database of known threats is not able to provide enough protection today. Fortunately, Windows Defender has been equipped with machine learning mechanisms, which identified an attempt to inject malicious code into explorer.exe. In this way the Dofoil virus creates another instance of the process, which carries out the procedures planned by the cybercriminals. Ultimately, the victim's computer is turned into a cryptocurrency miner that brings the attackers pure profit. After Windows Defender detected the first Dofoil virus attack, over 400,000 further infection attempts were prevented within 12 hours. Demographic data indicate that the virus was mainly active in Russia (73% of attacks), Turkey (18%) and Ukraine (4%).

Will these types of stories convince users to use Windows Defender? The attack was targeted at Windows 10, 8.1 and 7 users who are protected by Microsoft's antivirus. Despite this, the Redmond giant recommends that its customers upgrade to the latest version of Windows. The ideal solution would be to use Windows 10 S, which does not allow running external applications that are not provided with the system or do not come from the Microsoft Store. However, in practice, this means a lot of restrictions that most users do not like.

Source: Microsoft