Eurolink Blog


Windows Warning: Nodersok Virus (AKA Divergent)

A new strain of malware has infected thousands of computers globally, enabling infected system to be used to spread malicious traffic and also to perform click-fraud. The malware, which both Microsoft and Cisco have highlighted in reports, delivers a rare NodeJS-based malware, distributed via malicious adverts on sites, which then forcibly download files onto users' computers. Microsoft has identified and named the malware "Nodersok", meanwhile Cicso have dubbed the same malware as "Divergent". 

What makes the malware unique and particularly hard to spot is its use of NodeJS - a programme which allows Javascript to be executed on a PC, outside of the web browser, along with its use of WinDivert. Both are legitimate pieces of software and are not commonly used for distribution of viruses meaning that the malware has gone undetected by antivirus software. Once installed, infected computers are at risk of hostile usage, having been identified in both the distribution of more malicious traffic to networked and connected PCs, as well as in the use of click-fraud.  

The majority of installations have happened in the last month on EU and US based machines.

So what's the advice?

  • Watch out for internet downloads and remove any that you don't know. The system automatically downloads via HTML applications and clicking on unknown files is a risk. What's more, only download and execute what you actually need, and make sure you are hygienic in your processes and only download from trusted sources.
  • Ensure your Windows Defender is up to date. Windows has already spotted the issue and says that the files leave a noticeable footprint if you know what you are looking for. The programme should therefore be able to spot any installations on your machine.
  • Always make sure your antivirus is up to date and is from a reputable company. The footprint of the virus has been shared and security firms are releasing patches and updates to protect PCs. 
  • Avoid clicking on banner adverts, particularly from unfamiliar websites. If you're really interested in the advert, go direct to the website and not via the banner advert to protect from unwanted files. 

Get in touch with one of the team

We will be very happy to help you