The EternalBlue vulnerability is already well known to cybersecurity professionals. It is believed that the US National Security Agency worked on it, and it was also used to infect computers with the WannaCry ransomware. Now, according to a report from Proofpoint, the EternalBlue exploit (CVE-2017-0144) is being used by the Smominru botnet to mine the Monero cryptocurrency.
According to Proofpoint, Smominru runs on Windows-family operating systems and has so far infected more than half a million computers around the world. As a rule, the infected PCs are those that do not have all the necessary system updates installed. Most infected computers are located in Russia, India and Taiwan.
The hackers used at least 25 machines to scan the Internet for vulnerable computers. The combined resources of all infected PCs are enough to earn the attackers about $8,500 a day. At the time of detection, the fraudsters had obtained more than 9,000 coins, which is worth more than 3.6 million dollars. Specialists noted that Monero is now quite difficult to mine on ordinary home computers, but such a distributed botnet can still be very effective.
Last year, Microsoft fixed the EternalBlue vulnerability with the MS17-010 update, releasing patches even for operating systems that are no longer officially supported: Windows XP, Windows Vista and Windows Server 2003. Therefore, the best protection in this case is to install software updates promptly.