Vulnerability EternalBlue already known to experts on cyber security. It is believed that it worked on the national security Agency of the United States, and with the help of computers infected with the Trojan WannaCry. Now, according to the report of the company Proofpoint, EternalBlue exploit (CVE-2017-0144) used by the botnet Smominru for mining cryptocurrency Monero.
According to information provided by Proofpoint, Smominru operating under the operating systems of the Windows family, and at the moment it has already infected more than half a million computers worldwide. Usually infects those PC where not installed all the necessary updates to the system. The majority of infected computers located in Russia, India, and Taiwan.
The hackers used at least 25 machines to scan the Internet and search for vulnerable computers. The total resources of all infected PCs is enough for daily earning for attackers is about $ 8,500. At the time of detection, the scammers were able to get over 9000 coins, which is more than $ 3.6 million. Experts said that now Monero is quite difficult to produce on ordinary home computers, but such a distributed botnet can still be very effective.
In the past year, Microsoft has eliminated the vulnerability EternalBlue with updates updates MS17-010, releasing patches, even for officially supported operating systems: Windows XP, Windows Vista and Windows Server 2003. Therefore, the best defense in this case is a timely software update.
Chat about cryptocurrency.
Chat about iron mining.
Exploit the NSA had helped the virus to the miner to earn more than $ 3 million
Vyacheslav Larionov