
Adylkuzz Attack Is Spreading Faster Than WannaCry


WannaCry is not the only ransomware troubling the world right now. Security firm Proofpoint has discovered another attack, which installs the cryptocurrency miner Adylkuzz.

Figure caption: EternalBlue/DoublePulsar attack from one of several identified hosts, then Adylkuzz being downloaded from another host. A hash of a pcap of this capture is available in the IOCs table.

According to Proofpoint: Attackers spread a massive ransomware attack worldwide using the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. EternalBlue, originally exposed on April 14 as part of the Shadow Brokers dump of NSA hacking tools, leverages a vulnerability (MS17-010) in Microsoft Server Message Block (SMB) on TCP port 445 to discover vulnerable computers on a network and laterally spread malicious payloads of the attacker’s choice. This particular attack also appeared to use an NSA backdoor called DoublePulsar to actually install the ransomware known as WannaCry.


Symptoms of this attack include loss of access to shared Windows resources and degradation of PC and server performance.
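
The sequence in the capture described above (inbound SMB on TCP port 445 from one host, then a download from a different host) can be hunted for in flow logs. The following is an added example, not code from Proofpoint or the original post; the log format, addresses, timestamps, the 10.0.0.0/8 internal range, the 10-minute window and the byte threshold are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed flow records (not real telemetry).
# Fields: time, initiator, responder, responder_port, bytes_received_by_initiator
SAMPLE_FLOWS = """\
2017-05-15T10:00:05 203.0.113.7 10.0.0.21 445 4200
2017-05-15T10:02:40 10.0.0.21 198.51.100.9 80 1500000
2017-05-15T10:03:00 10.0.0.5 10.0.0.21 445 900
2017-05-15T11:30:00 203.0.113.7 10.0.0.34 445 4100
2017-05-15T13:45:00 10.0.0.34 198.51.100.9 80 1400000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal range
WINDOW = timedelta(minutes=10)                 # assumption: correlation window
MIN_DOWNLOAD = 100_000                         # assumption: bytes for a payload fetch


def is_internal(addr):
    return ipaddress.ip_address(addr) in INTERNAL


def parse(text):
    """Yield (time, src, dst, port, bytes) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port, nbytes = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)


def find_smb_then_download(text):
    """Return (victim, smb_source, download_host) for internal hosts that took an
    external SMB connection and then, within WINDOW, pulled a large download
    from a different external host."""
    last_smb = {}  # internal host -> (time, external SMB source)
    hits = []
    for ts, src, dst, port, nbytes in sorted(parse(text)):
        if port == 445 and is_internal(dst) and not is_internal(src):
            last_smb[dst] = (ts, src)
        elif (is_internal(src) and not is_internal(dst)
              and nbytes >= MIN_DOWNLOAD and src in last_smb):
            smb_ts, smb_src = last_smb[src]
            if ts - smb_ts <= WINDOW and dst != smb_src:
                hits.append((src, smb_src, dst))
    return hits


if __name__ == "__main__":
    for victim, smb_src, dl_host in find_smb_then_download(SAMPLE_FLOWS):
        print(f"{victim}: SMB from {smb_src}, then download from {dl_host}")
```

A hit is a lead for triage rather than proof of infection. Any SMB connection from an external address reaching an internal host is worth reviewing on its own, since TCP 445 should not be reachable from outside.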


