Monday, 17 September 2018 10:17

NSA's EternalBlue exploit still being used to target Windows


German multinational security software company Avira says the EternalBlue exploit, leaked from the NSA by the Shadow Brokers, is still being used to exploit a large number of unpatched Windows computers.

The company said it had found about 300,000 computers with this problem and its researchers were deactivating the vulnerable SMB1 protocol on about 14,000 computers every day.

The typical target was a cracked variant of Windows which had not been patched against the exploit, the company said in a blog post.

EternalBlue is used to exploit a weakness in Microsoft's Server Message Block protocol. Once a target has been broken into, it is possible to run code on the affected machine.

This is not the first time that a security company has pointed out that this exploit is still in wide use; in May, the Slovakian security firm ESET said EternalBlue was still posing a threat to both patched and unpatched systems.

In 2017, both the WannaCry and NotPetya ransomware used this exploit to create havoc on a global scale.

Avira senior virus analyst Mikel Echevarria-Lizarrag said: "There are still significant numbers of repeatedly infected machines more than a year after the big WannaCry and Petya attacks.

"Our research has linked this to Windows machines that haven’t been updated against the NSA EternalBlue exploit and are an open target for malware.”

He said the reason behind repeated infections was that machines were running cracked activation software which meant they would not be able to update Windows.

"It also means that they did not receive the March 2018 emergency patch from Microsoft for this vulnerability."

Echevarria-Lizarrag said the solution was to turn off the SMB1 protocol entirely. “We decided to deactivate it on the machines that have the endless infection loop and where the related Windows patches had not been installed.

“Once the SMB1 protocol is deactivated, we don’t see the same machines affected again and again with this problem.”
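For administrators who want to apply the same mitigation on their own machines, the script below is an added example, not Avira's tooling or code from the original article. It reports whether SMB1 is enabled and, when run with the hypothetical `-Disable` switch, turns it off; it assumes an elevated PowerShell session on the local machine.

```powershell
# Added example: audit SMB1 on the local machine and optionally turn it off.
# Run from an elevated prompt. The -Disable switch is this script's own parameter.
param([switch]$Disable)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    $state = @{ ServerConfig = $null; OptionalFeature = $null; Registry = $null }

    # Windows 8 / Server 2012 and later expose the SMB server setting directly.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $state.ServerConfig = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 8.1 / 10 ship SMB1 as an optional feature that can be removed.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($f) { $state.OptionalFeature = $f.State }
    }
    # Older systems: the SMB1 server is controlled by this registry value.
    # A missing value means the default, which is SMB1 enabled.
    $v = Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue
    $state.Registry = if ($v) { $v.SMB1 } else { 'not set (default: enabled)' }

    New-Object PSObject -Property $state
}

$before = Get-Smb1State
Write-Output 'SMB1 state before:'
$before | Format-List

if ($Disable) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Registry fallback; takes effect after a restart.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0
    }
    if ($before.OptionalFeature -eq 'Enabled') {
        # Removes the SMB1 client and server components; needs a reboot to complete.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Write-Output 'SMB1 state after (a restart may still be pending):'
    Get-Smb1State | Format-List
}
```

Disabling SMB1 removes the exposed protocol but does not replace patching; machines that still need SMB1 for legacy devices should be identified before the switch is used.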


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
