After WannaCry, a new piece of malware named Adylkuzz has been spotted that uses the same EternalBlue exploit against the Microsoft SMBv1 vulnerability patched in MS17-010.
Unlike WannaCry, however, it does not encrypt your files; it does not touch your data at all. It simply uses the CPU of the compromised machine to mine Monero, a cryptocurrency comparable to Bitcoin.
How it works
Adylkuzz installs a known cryptocurrency miner, cpuminer (https://github.com/pooler/cpuminer), on compromised machines and runs it silently in the background, so on most machines it goes unnoticed. On slower machines, though, the constant mining load shows up as performance problems.
While it is not destructive, this malware is a parasite that exhausts your CPU resources.
How it spreads
Adylkuzz does not spread automatically. It has to be pushed onto a vulnerable computer, which means the scope of this malware is fairly limited. Symantec has reported only a few hundred computers affected, which means it is unlikely to do much harm. Any host that still exposes an unpatched SMBv1 service remains a target, though.
The infection can be prevented by:
- Patching for MS17-010 (the EternalBlue SMBv1 vulnerability), which is the only fix that actually closes the hole
- Blocking TCP port 445 from untrusted networks and disabling SMBv1 where it is not needed
- Updating your IDS with the latest signatures for EternalBlue and Adylkuzz
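To make the "How it works" section and the prevention list above concrete, here is an added PowerShell example that is not part of the original post. It does two things on a Windows host: hunts for a background miner (a process with a known miner binary name or an established connection to a typical mining-pool port, with CPU time as a supporting signal), and applies the hardening from the list (disable SMBv1, block inbound 445 from untrusted networks, list recently installed hotfixes as a patch sanity check). The process names `minerd`/`cpuminer`, the pool ports 3333/5555/7777 and the CPU threshold are assumptions chosen for illustration, not indicators taken from the post; the cmdlets used exist on Windows 8 / Server 2012 and later and need an elevated session.

```powershell
# Added example, not code from the original post or from the Adylkuzz/cpuminer projects.
# Assumptions (labelled): miner binary names, pool ports and the CPU threshold below are
# illustrative defaults, not indicators reported for Adylkuzz. Run as Administrator.

#Requires -RunAsAdministrator

function Find-SuspectedMiner {
    param(
        [string[]]$KnownNames = @('minerd', 'cpuminer'),   # assumption: common miner binary names
        [int[]]$PoolPorts     = @(3333, 5555, 7777),       # assumption: common Stratum pool ports
        [double]$CpuThresholdSeconds = 300                  # accumulated CPU time; tune per host
    )

    # Established outbound connections to pool-style ports, keyed by owning process.
    $poolConns = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $PoolPorts -contains $_.RemotePort }

    Get-Process | ForEach-Object {
        $p      = $_
        $byName = $KnownNames -contains $p.ProcessName.ToLower()
        $byPool = @($poolConns | Where-Object { $_.OwningProcess -eq $p.Id })
        $byCpu  = ($null -ne $p.CPU) -and ($p.CPU -ge $CpuThresholdSeconds)

        # Name or pool connection is enough to flag; high CPU alone only adds weight,
        # because plenty of legitimate processes burn CPU.
        if ($byName -or $byPool.Count -gt 0) {
            [pscustomobject]@{
                Pid        = $p.Id
                Name       = $p.ProcessName
                Path       = $p.Path
                CpuSeconds = if ($null -ne $p.CPU) { [math]::Round($p.CPU, 1) } else { 0 }
                Reason     = @(
                    if ($byName)            { 'known miner name' }
                    if ($byPool.Count -gt 0) { "pool port $($byPool.RemotePort -join ',')" }
                    if ($byCpu)             { 'high CPU' }
                ) -join '; '
            }
        }
    }
}

function Protect-AgainstMs17010 {
    # MS17-010 is an SMBv1 issue: turning SMBv1 off removes the attack surface even
    # before the patch lands. Leave it on only where legacy clients truly need it.
    $cfg = Get-SmbServerConfiguration
    if ($cfg.EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }

    # Block inbound 445 on the Public profile so domain file sharing keeps working.
    # Widen -Profile to Private/Domain only after checking what depends on SMB here.
    $ruleName = 'Block inbound SMB 445 (Public)'
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort 445 -Profile Public -Action Block | Out-Null
    }

    # Patch sanity check: MS17-010 ships under a different KB per OS version, so listing
    # hotfixes installed on or after its release date (14 March 2017) is a quick screen,
    # not proof. Confirm the exact KB against the bulletin for this OS.
    Get-HotFix |
        Where-Object { $_.InstalledOn -ge [datetime]'2017-03-14' } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, InstalledOn
}

# Usage:
Find-SuspectedMiner | Format-Table -AutoSize
Protect-AgainstMs17010
```

Treat anything `Find-SuspectedMiner` returns as a lead to triage (check the binary's path and signature, and the remote address it talks to), not as a verdict; the port list in particular will produce false positives on hosts that legitimately use those ports. `Protect-AgainstMs17010` is idempotent, so it is safe to run from a scheduled task or a configuration baseline.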