Microsoft has checked million of computers for the Locky and Kovter malware during the Patch Tuesday of this week. The company regularly performs these kind of checkups for which its Malicious Software Removal Tool (MSRT) is used. This tool is built into Windows and is able to detect and remove frequently discovered malware.
MSRT receives new malware-definitions each Patch Tuesday. This week these add detection for Locky and Kovter. Locky is considered a serious threat, recently Russian antivirus company Kaspersky Lab marked it as one of the biggest security threats of the first quarter of this year. Infections with Locky have been detected all over the world.
The ransomware is distributed through malicious macros in Office files. Once Locky infects the computer it encrypts all files and demands a ransom.
The other malware that is detected through this is update is Kovter, which performs click fraud on infected systems. This means the infected computers simulate clicks on advertisements which generates revenue that is paid to the cybercriminals behind the Kovter malware. This especially affects advertisers and advertising networks as they have to pay for the fake clicks that will never convert to sales.
Kovter is also distributed through malicious advertisements that tricks users into downloading an Adobe Flash Player update. The downloaded file isn't an update but malware. The Kovter malware seems to be mainly infection computers in the United States. Hundreds of thousands of Windows computers have been attacked this way, according to Microsoft.
Microsoft especially added Kovter detection because the malware is hard to remove. The Redmond software giant hopes to have a bigger impact by adding support for removing Kovter to MSRT.
