Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools


Vulnerable unpatched systems expose exploitable SMB networking to world+dog.

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.

On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. These hijacked machines can be used to sling malware, spam netizens, launch further attacks on other victims, and so on.

DOUBLEPULSAR is a backdoor used to inject and run malicious code on an infected system, and is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2. That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker. Both DOUBLEPULSAR and ETERNALBLUE are leaked Equation Group tools, now available for any script kiddie or hardened crim to download and wield against vulnerable systems.

Src & full report : theregister.co.uk

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s