Last week tens of thousands of computers were infected with ransomware that took advantage of Windows security vulnerabilities first identified by the US National Security Agency and subsequently leaked to the world by a group called Shadow Brokers.

While the quick work of a security researcher temporarily paused the spread of the WannaCry ransomware, it’s possible that computers that haven’t installed the latest Microsoft security updates could be vulnerable to future attacks.

It’s also possible they may have already been infected by malware called Adylkuzz that exploits the same vulnerability… but which may be harder to detect.

Proofpoint identified a second attack that uses the NSA’s “EternalBlue” and “DoublePulsar” exploits to install software on your computer without your permission.

The Adylkuzz attack actually started spreading before WannaCry, but it was only recently noticed. That’s because WannaCry makes itself known pretty quickly by encrypting your personal data and then demanding you pay a ransom to unlock it. This other attack lets you keep using your computer… but in the background it goes to work harnessing your PC’s resources to mine a cryptocurrency called Monero.

Monero is similar to the better-known Bitcoin currency and it’s generated by using a computer’s computational resources… or in cases like this, by using the resources of multiple machines connected to one another in a botnet to act like a sort of supercomputer.

The long and short of it is that if you have a computer running Windows 8.1 or earlier, you should make sure you’ve installed Microsoft’s security update. There are even patches available for unsupported versions of the operating system going back as far as Windows XP.

Meanwhile, at least a few US Senators have proposed legislation that would prevent federal agencies like the NSA from stockpiling potentially dangerous security vulnerabilities like the ones that have made this attack possible.

On the one hand, stockpiled vulnerabilities give US spy and law enforcement agencies tools that can be used in investigations. On the other hand, knowing about a security vulnerability and failing to communicate it to Microsoft (or Google, Apple, or whoever) poses the risk that an independent hacker could discover and exploit the same vulnerability… or even worse, that the tools hoarded by the NSA, CIA, or FBI could be stolen and turned against the public, which is exactly what we’ve seen happen in this case.

via Reuters
