Leaked NSA Tools Compromising Vulnerable, Unpatched Windows Systems
April 23rd, 2017
Exposing SMB to the Internet on unpatched Windows machines… *shaking head while chortling deeply*
NSA exploits or no NSA exploits, people who do this on purpose are idiots and better make their time.
Via: Register:
The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.
On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. These hijacked machines can be used to sling malware, spam netizens, launch further attacks on other victims, and so on.
DOUBLEPULSAR is a backdoor used to inject and run malicious code on an infected system, and is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2. That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker. Both DOUBLEPULSAR and ETERNALBLUE are leaked Equation Group tools, now available for any script kiddie or hardened crim to download and wield against vulnerable systems.
In March, Microsoft patched the SMB Server vulnerability (MS17-010) exploited by ETERNALBLUE, and it’s clear that some people have been slow to apply the critical update, are unable to do so, or possibly just don’t care.
The fix is available for Windows Vista SP2, Windows 7, Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2008 SP2, Windows Server 2008 R2 SP1, Windows Server 2012 and Windows Server 2012 R2, Windows Server 2016, and Server Core. If you have an older vulnerable system, such as XP or Server 2003, you’re out of luck.
<!–
–>
<!– AD CAN GO HERE
END: AD CAN GO HERE –>
Leave a Reply
You must be logged in to post a comment.
Source Article from http://www.cryptogon.com/?p=50851
Related posts:
Views: 0