Thousands of Windows PCs Infected with DOUBLEPULSAR After Shadow Brokers Leak

Exterminator

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Last weekend, hacking group Shadow Brokers leaked a set of Windows hijack tools allegedly used by the NSA, but Microsoft quickly downplayed the security risk, explaining that patches for all exploited vulnerabilities are already available for download.

And while this is undoubtedly true, having patches available for download doesn’t necessarily mean that Windows users are secure. They need to actually install these patches.

And according to a new report from The Reg, this didn’t happen, and this is how thousands of computers ended up getting infected with malware in the last few days.
It turns out that the main exploit being used to compromise Windows systems since the Shadow Brokers leak is ETERNALBLUE, which used DOUBLEPULSAR backdoor to infect a PC. At least 15,000 systems have already been discovered as infected with DOUBLEPULSAR, while other researchers are pointing to a number that is three times bigger.

Vulnerability patched in March
The worst thing is that the vulnerability that hackers are trying to exploit was already patched by Microsoft in March this year with MS17-010, so this means that systems that got compromised weren’t actually running this update.

The patch is aimed at systems running Windows Vista SP2 and newer, so users on Windows XP can be easily infected, with no way to deploy the patch because support is no longer provided. Everyone else needs to deploy the patch as soon as possible.

“This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server,” Microsoft explains.

Most of the infected systems are based in the United States, the report states, and the number is very likely to increase in the coming days and weeks, as most of the users who haven’t yet deployed the patch fixing the vulnerability are unlikely to do so anytime soon.

If you are running a Windows 10 PC that is completely up to date, you are entirely protected, though this doesn’t necessarily mean that your system is not exposed to other exploits, so the typical recommendations to stay away from content coming from untrusted sources is still valid.
Click to expand...
 
  • Like
Reactions: Solarquest, ZeroDay, XhenEd and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
Microsoft September 2023 Patch Tuesday fixes 2 zero-days, 59 flaws
Replies
2
Views
1,556
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
vtqhtr413
    • Like
    • +Reputation
Security News Raspberry Robin malware returns with early access to Windows exploits
Replies
0
Views
1,050
Security News
vtqhtr413
vtqhtr413
nicolaasjan
    • Like
    • +Reputation
Thousands of WordPress sites hacked through tagDiv plugin vulnerability
Replies
0
Views
1,281
News Archive
nicolaasjan
nicolaasjan

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top