In a tweet posted on Tuesday evening AEDT, Beaumont, a former Microsoft threat researcher, said he had good news.
"...after years OneDrive is finally hosting no malware listed on @abuse_ch, and for the first time in history Microsoft have fallen off the top 10 malware hosters," he wrote.
Microsoft figuring out how to respond: pic.twitter.com/VFODnnAKQ0 — Kevin Beaumont (@GossiTheDog) October 18, 2021
"All the Bazaloader, BazaISO and Qakbot TR payloads are gone. Keep it up MS. Customers are safer."
Joking aside, Microsoft have some really good security products and they should use them, that’s at the heart of this. — Kevin Beaumont (@GossiTheDog) October 18, 2021
Defender AV with cloud already detects most of these files - they should use it on Office365 OneDrive *before* serving files.
This came after Beaumont criticised the company on Sunday for its casual attitude towards removing malware from its platforms like OneDrive and Office365.
The security firm Palo Alto Networks describes BazarLoader this way: "... (sometimes referred to as BazaLoader) [it] is malware that provides backdoor access to an infected Windows host.
"After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network."
An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows.
VirusTotal is a site where security researchers can submit any ransomware they find and have it scanned by anti-virus engines to see if it can be identified.