Scoop has an Ethical Paywall
Licence needed for work use Learn More

Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

Adylkuzz Crytocurrency Miner Is Not the Next WannaCry

Symantec Security Response – Adylkuzz Crytocurrency Miner Is Not the Next WannaCry

Adylkuzz impact and prevalence is much lower than WannaCry

There have been reports of another threat, known as Adylkuzz, leveraging MS17-010 to propagate to vulnerable machines. MS17-010 is the same vulnerability used by WannaCry to propagate across networks however this is where the similarity with Adylkuzz ends.

Symantec customers using IPS have been proactively protected against attempts to exploit MS17-010.

Cryptocurrency mining

The main purpose of Adylkuzz is to mine Monero, a crytocurrency similar to Bitcoin. Adylkuzz installs a known cryptocurrency miner called cpuminer on compromised machines. Adylkuzz performs its mining operations in the background therefore infected users are unlikely to notice its presence. However, mining operations are CPU intensive so having a miner running on your machine could lead to performance issues.

While a nuisance, Adylkuzz does not have the same impact on compromised machines as ransomware threats which could lead to data loss and wide scale disruption.

Propagation

Adylkuzz leverages MS17-010, also known as EternalBlue to compromise machines. Adylkuzz attackers scan the internet for vulnerable machines to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that allowed it to spread very quickly within organisations.

Advertisement - scroll to continue reading

Low prevalence

Due to the effectiveness of IPS in proactively blocking infections, Symantec is observing low infections of Adylkuzz. Symantec has blocked over 44 million attempts to exploit MS17-10 and observed fewer than 200 machines with Adylkuzz infections.

For more information or to speak to a Symantec spokesperson please contact Veronica Rojo at veronicar@botica.co.nzor visit the Symantec Security Response blog post available here.


© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.