
Adylkuzz – Now hackers want to earn from your CPU!

After WannaCry, a new piece of malware named Adylkuzz has been spotted that exploits the EternalBlue Microsoft SMB MS17-010 vulnerability.

However, unlike WannaCry, it does not encrypt your files. In fact, it does not do anything to your data. It simply uses idle CPU time to mine Monero, a cryptocurrency similar to Bitcoin.

How it works

Adylkuzz installs a known cryptocurrency miner called cpuminer (https://github.com/pooler/cpuminer) on compromised machines. It performs its mining silently in the background, so it will usually go unnoticed. However, this may lead to performance issues on slower machines.

While it is not destructive, this virus is a parasite that can exhaust your (CPU) resources.
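One way to spot a silently running cpuminer from process-creation logs, as an added example that is not part of the original post. It matches on cpuminer's command-line options rather than the file name, since a dropped miner can be renamed. The event records, host names and pool address are constructed.

```python
import re

# Options below are those of cpuminer (minerd); values in EVENTS are constructed.
STRATUM = re.compile(r"stratum\+tcp://([^\s\"'/:]+)(?::(\d+))?", re.I)
ALGO = re.compile(r"(?<!\S)(?:-a\s+|--algo[=\s])[A-Za-z0-9]")
URL_OPT = re.compile(r"(?<!\S)(?:-o\s+|--url[=\s])\S")
CRED_OPT = re.compile(r"(?<!\S)(?:-[uO]\s+|--user(?:pass)?[=\s])\S")
QUIET = re.compile(r"(?<!\S)(?:-q|--quiet)(?!\S)")


def classify(cmdline):
    """Return (severity, reasons) for one process command line."""
    reasons = []
    pool = STRATUM.search(cmdline)
    if pool:
        port = ":" + pool.group(2) if pool.group(2) else ""
        reasons.append("stratum pool " + pool.group(1) + port)
    # Without a stratum URL, require algo + url + credentials together so that
    # tools sharing single flags (curl also has -o and -u) are not flagged.
    elif ALGO.search(cmdline) and URL_OPT.search(cmdline) and CRED_OPT.search(cmdline):
        reasons.append("cpuminer-style algo/url/credential options")
    if reasons and QUIET.search(cmdline):
        reasons.append("quiet flag")
    severity = "high" if pool else ("medium" if reasons else "none")
    return severity, reasons


def triage(events):
    """Keep only events whose command line looks like a CPU miner."""
    hits = []
    for host, image, cmdline in events:
        severity, reasons = classify(cmdline)
        if severity != "none":
            hits.append((host, image, severity, reasons))
    return hits


# Constructed process-creation records: (host, image path, command line).
EVENTS = [
    ("WS-014", r"C:\Windows\Temp\svchost32.exe",
     "svchost32.exe -a scrypt -o stratum+tcp://pool.example.invalid:3333 -u wallet1 -p x -q"),
    ("WS-020", r"C:\Tools\minerd.exe",
     "minerd.exe --algo=scrypt --url=http://10.0.0.5:9332 --userpass=u:p"),
    ("WS-031", r"C:\Windows\System32\curl.exe",
     "curl.exe -o report.zip -u svc:pw https://intranet.example.invalid/report.zip"),
    ("WS-031", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for hit in triage(EVENTS):
        print(hit)
```

The rules are heuristics: pair a hit with sustained high CPU on the same host before treating it as confirmed.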

How does it spread

Adylkuzz does not spread automatically. It has to be pushed onto a vulnerable computer, which means the scope of this malware is pretty limited. Symantec has reported only a few hundred computers affected by this malware, which means it won’t do much harm.

Prevention

The infection can be prevented by:

  1. Patching your computer for the EternalBlue Microsoft SMB MS17-010 vulnerability
  2. Disabling port 445
  3. Updating your IDS with the latest signatures

 
