News

Number of NSA Implant Infected Systems Rises After Shadowbrokers Dump

By admin
Spread the love

Several security researchers report seeing a rising number of infections with an NSA implant released by the Shadowbrokers last week as part of a larger collection. This concerns the so-called Doublepulsar implant.

The Register writes that the Doublepulsar backdoor is installed using the Eternalblue exploit, which was also part of the Shadowbrokers dump. Researcher Dan Tentler reports to the site that he recently identified about 15,000 infections through a Shodan search. Researcher Robert Graham says a more thorough search was able to identify about 41,000 infections.

Microsoft already released a patch in March for the vulnerability used by Eternalblue. However, this does not mean that all vulnerable systems have implemented this patch. Old versions of Windows, such as XP and Server 2003, will no longer receive the security update and therefore remain vulnerable. Tentler estimates that some script kiddies started infecting systems after the Shadowbrokers was released, which is pretty straightforward.

Taken systems can be used, among other things, to send spam, spread malware or carry out DDoS attacks. A large number of the infected systems are located in the United States. Affected systems can be identified by the response to a specific ping on port 445. Security company MWR InfoSecurity recently published an analysis of Doublepulsar.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Russian ministry bans iPhones due to suspicion of espionage

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Senate adopts bill to make doxing a punishable offense

News

Apple withdraws Rapid Security Response security update for WebKit vulnerability

Exit mobile version