HTA files belong to a technology developed by Microsoft that works in conjunction with Internet Explorer. The .hta extension stands for Hypertext Application, or HTML Application. In effect, they are applications built from HTML and CSS pages that run much like .exe files.
An HTA file can be executed directly from an HTML document.
HTA files contain hypertext code and can be created simply by renaming an .htm file's extension to .hta. When one of these files is opened from the web, a dialog box is displayed.
Microsoft and Cisco Talos have identified a new piece of malware, a new virus for Windows, that is affecting thousands of computers in Europe. This malicious software can turn computers into proxy servers, which can then be used to spread the virus. The new malware, which Microsoft calls Nodersok and Cisco calls Divergent, has the peculiarity that it can slip past Windows Defender, the antivirus that ships with Windows.
The malware uses Node.js and the WinDivert framework, a user-mode packet capture and diversion package for Windows 2008, 7, 10 and 2016. Microsoft has stated that Windows Defender is able to detect and block Nodersok, although this is somewhat difficult because the malware uses a network infrastructure that lets the attack go unnoticed.
According to Microsoft researchers, once Nodersok turns the systems into involuntary proxies, "it uses them as a relay to access other network entities (websites, C&C servers, compromised machines, etc.), which may allow them to perform stealthy malicious activities."
Microsoft believes that its official antivirus can detect and block such software, but it acknowledges that this can be complicated because the malware "uses advanced fileless techniques. [...] It is based on an elusive network infrastructure that makes the attack go unnoticed."
Cisco, for its part, believes that "this malware can be exploited by an attacker to attack corporate networks and appears to be designed primarily to perform click fraud."
This software is still under development, and according to the International Business Times it has already affected thousands of computers in both Europe and the United States. Microsoft has put a preventive measure on the table: avoid running HTA files found on the system that we don't remember downloading ourselves. We must not run any file of this kind whose origin we do not recognize.
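As an added example (not code from the article, nor from Microsoft or Cisco), a Python triage script that lists the .hta files under a directory and reports the download origin Windows records in the NTFS Zone.Identifier stream (the Mark of the Web), so the "do I recognise where this came from?" question can be answered from the file itself; it also notes whether the body actually declares an HTA application or is merely a renamed .htm. The stream only exists on Windows/NTFS; elsewhere every file is reported as unknown origin. Assumes Python 3.8+.

```python
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, List, Optional

# URL security zone ids as written into the Zone.Identifier stream.
ZONE_NAMES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites", 3: "Internet", 4: "RestrictedSites"}

@dataclass
class HtaOrigin:
    path: str
    zone: Optional[int]          # None: no Zone.Identifier stream recorded
    host_url: Optional[str]      # URL the file was downloaded from, if recorded
    has_hta_tag: bool            # True if the body declares <hta:application>
    def verdict(self) -> str:
        if self.zone is None:
            return "no Mark of the Web: origin unknown, do not run"
        name = ZONE_NAMES.get(self.zone, str(self.zone))
        return f"{name} zone" + (", treat as untrusted" if self.zone >= 3 else "")

def parse_zone_identifier(text: str) -> Dict[str, str]:
    # INI-style stream: only the [ZoneTransfer] section matters; keys lower-cased.
    values, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            values[key.strip().lower()] = value.strip()
    return values

def classify(path: str, zone_text: Optional[str], body: str) -> HtaOrigin:
    """Build an HtaOrigin from the file body and its (optional) stream contents."""
    fields = parse_zone_identifier(zone_text) if zone_text else {}
    zone = int(fields["zoneid"]) if fields.get("zoneid", "").isdigit() else None
    has_tag = re.search(r"<hta:application\b", body, re.I) is not None
    return HtaOrigin(path, zone, fields.get("hosturl"), has_tag)

def triage_file(path: Path) -> HtaOrigin:
    body = path.read_text(encoding="utf-8", errors="replace")
    try:  # NTFS alternate data stream, opened by name as "<file>:Zone.Identifier"
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            zone_text = f.read()
    except OSError:  # no stream (never downloaded) or not an NTFS volume
        zone_text = None
    return classify(str(path), zone_text, body)

def scan(root: Path) -> List[HtaOrigin]:
    # One triage record per .hta file below root; print rec.verdict() to review.
    return [triage_file(p) for p in root.rglob("*.hta") if p.is_file()]
```

Run `scan(Path(r"C:\Users"))` on a Windows host and review each record's `verdict()`; files with no Mark of the Web are exactly the ones whose origin cannot be established.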