Microsoft takes action against Phorpiex malware botnet threat

by Radu Tyrsina, CEO & Founder
  • The Microsoft security team is currently investigating the infamous Phorpiex botnet.
  • This malicious software is known to spread the Avaddon ransomware on users' PCs.
  • The Phorpiex bot disables the Microsoft Defender antivirus in order to conduct the attack.
  • Users can stay protected by not downloading unsafe content and limiting PC access.
Microsoft investigates Phorpiex malware bot

In an ever-changing online environment, keeping track of and dealing with ransomware-spreading malware has always proved to be a daunting task.

Security teams everywhere are scrambling to meet these new threats head-on, but the complexity and stubbornness of some malicious software may sometimes make these efforts seem futile.

Phorpiex botnet is under Microsoft’s security surveillance

Microsoft is currently conducting an extensive investigation into this malware botnet.

Even though this malicious software has been plaguing the internet for quite some time, the security team is uncovering new details on its spreading technique and operating methods.

The Phorpiex botnet is used to deliver ransomware and spam emails, Microsoft says.

The botnet's targeting for bot distribution and installation has also expanded, as more recent activity shows a shift to a more global distribution. Statistics confirm that Phorpiex is now present in over 160 countries.

One of the main reasons why Microsoft is taking an interest in Phorpiex is that the bot disables the Microsoft Defender antivirus in order to maintain persistence on the targeted devices.

This includes modifying registry keys to disable firewall and antivirus popups or functionality, overriding proxy and browser settings, setting the loader and executables to run at startup, and adding these executables to the authorized application lists.

Why is Phorpiex so dangerous?

The Phorpiex botnet is known to have been used in order to distribute malware payloads such as GandCrab and Avaddon ransomware, or for sextortion scams.

According to Microsoft, the Avaddon ransomware is capable of performing language and regional checks for Russia or Ukraine before it runs, so that only the regions its operators favor are targeted.

Apparently, Avaddon generally makes ransom demands of around $700 worth of Bitcoin. That's a hefty price to pay just because you haven't protected your computer.

How can I protect myself against Phorpiex?

The first and most important piece of advice would be to not download unsafe content or apps that were not developed by a trustworthy company.

You can also keep yourself safe by limiting the people who have access to your computer and sensitive information.

Another way you can prevent these attempts is by enabling tamper protection in Microsoft Defender for Endpoint, Microsoft's cloud-based advanced security feature.

This option will automatically revert all the changes that the bot constantly tries to perform on your machine.
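The persistence techniques described earlier (registry changes that disable firewall and antivirus popups or functionality, overridden proxy and browser settings, loaders set to run at startup, executables added to the firewall's authorized application list) and the tamper protection setting mentioned here are all things an administrator can audit in one pass. The following read-only PowerShell script is an added example written for this article; it is not code from Microsoft or from the article's author. The registry locations it inspects are standard Windows and Defender locations chosen by the editor (the article does not name the specific keys Phorpiex modifies), and the `Get-MpComputerStatus` properties it reads (`IsTamperProtected`, `RealTimeProtectionEnabled`) are those exposed by the built-in Defender module. It reports findings rather than changing anything.

```powershell
# Added example, not from the article: a read-only audit of the persistence and
# defence-evasion surfaces the article describes. Key paths below are standard
# Windows/Defender locations chosen by the editor, not keys attributed to Phorpiex.
#Requires -RunAsAdministrator

function Get-PersistenceAuditFindings {
    $findings = New-Object System.Collections.Generic.List[object]
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    function Add-Finding($Area, $Detail, $Severity) {
        $findings.Add([pscustomobject]@{ Area = $Area; Detail = $Detail; Severity = $Severity })
    }

    # 1. Autostart entries: every value in the Run keys is listed for review.
    foreach ($hive in 'HKLM:', 'HKCU:') {
        $runKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if (Test-Path $runKey) {
            foreach ($p in (Get-ItemProperty -Path $runKey).PSObject.Properties) {
                if ($p.Name -notin $providerProps) {
                    Add-Finding 'Autostart' "$runKey\$($p.Name) = $($p.Value)" 'Info'
                }
            }
        }
    }

    # 2. Defender policy keys that switch protection off when set to 1.
    $defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    foreach ($check in @(
            @{ Path = $defPolicy;                          Name = 'DisableAntiSpyware' },
            @{ Path = "$defPolicy\Real-Time Protection";   Name = 'DisableRealtimeMonitoring' })) {
        $v = (Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue).($check.Name)
        if ($v -eq 1) { Add-Finding 'Defender policy' "$($check.Path)\$($check.Name) = 1" 'High' }
    }

    # 3. Firewall profiles: disabled firewall, suppressed notifications, authorized apps.
    $fwBase = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
    foreach ($profile in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
        $pKey = "$fwBase\$profile"
        $p = Get-ItemProperty -Path $pKey -ErrorAction SilentlyContinue
        if ($p -and $p.EnableFirewall -eq 0)      { Add-Finding 'Firewall' "$profile firewall disabled" 'High' }
        if ($p -and $p.DisableNotifications -eq 1) { Add-Finding 'Firewall' "$profile notifications suppressed" 'Medium' }
        $list = Get-ItemProperty -Path "$pKey\AuthorizedApplications\List" -ErrorAction SilentlyContinue
        if ($list) {
            foreach ($app in $list.PSObject.Properties) {
                if ($app.Name -notin $providerProps) {
                    Add-Finding 'Firewall' "$profile authorized application: $($app.Name)" 'Info'
                }
            }
        }
    }

    # 4. User proxy override: a proxy that nobody configured is worth a question.
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
    if ($inet -and $inet.ProxyEnable -eq 1) {
        Add-Finding 'Proxy' "ProxyEnable = 1, ProxyServer = $($inet.ProxyServer)" 'Medium'
    }

    # 5. Live Defender state, including whether tamper protection is on.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($status) {
        if (-not $status.IsTamperProtected)          { Add-Finding 'Defender' 'Tamper protection is OFF' 'High' }
        if (-not $status.RealTimeProtectionEnabled)  { Add-Finding 'Defender' 'Real-time protection is OFF' 'High' }
    } else {
        Add-Finding 'Defender' 'Get-MpComputerStatus unavailable (Defender module missing or disabled)' 'High'
    }

    return $findings
}

Get-PersistenceAuditFindings | Sort-Object Severity, Area | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the machine being checked. 'High' findings are the ones that match the behaviour the article describes (protection switched off through policy keys, firewall disabled, tamper protection off); 'Info' entries are a baseline to compare against a known-good machine, since legitimate software also uses the Run keys and the authorized application list. The script only reports; turning tamper protection on is done in Windows Security or through the Defender for Endpoint portal, not by editing the registry.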

What other steps are you taking in order to avoid becoming a victim of ransomware attacks? Tell us about your experience in the comments section below.
