Pirated Windows Instances Have Been Infected with EternalBlue Exploit Code

Avira have published a report that contains information about unpatched Windows Machines which are infected with the EternalBlue Exploit Code. EternalBlue is one of the NSA exploits that made headlines in the news along with DoublePulsar and WannaCry.

According to a blog post from Avira, the unpatched systems are being exposed to cyber attacks and are  being serially infected by hackers.

“There are still notable numbers of repeatedly infected computers more than a year after the big WannaCry and Petya attacks,” said Mikel Echevarria-Lizarraga, senior virus analyst in the Avira Protection Lab. “Our research has linked this to Windows machines that haven’t been updated against the NSA Eternal Blue exploit and are an open target for malware.”

How many Systems were infected by this infection spree?

Security experts have pointed out that the number of systems that are exposed to the flaw is high with most of them having been infected multiple times. They also found that many of the machines are running a cracked version of the Windows operating system, hence they will not receive Windows Security updates.

The experts also discovered that more than 300,000 computers are affected by this issue with Avira  deactivating the SMBv1 protocol for around 14,000 computers each day.

The predominance of infected machines outside of North America and Europe roughly parallels studies from Statista on the use of unlicensed software.” concluded AVIRA.

This study found unlicensed software rates averaging around 52 – 60% outside the United States and the European Union and fell to 16% and 28% respectively in these areas. Unlicensed software is usually unable to get the latest patches against vulnerabilities such as EternalBlue.

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients