With WannaCry garnering a lot of attention over the last few days, it’s easy to forget that the root cause of the damage it wreaked is still out there. The vulnerability it exploited was a weakness in Windows’ file-sharing protocol. And while the threat of WannaCry has been largely contained, if the vulnerability, dubbed EternalBlue by the NSA, remains unpatched, it can be exploited by others. And that’s already being seen in the wild.
There’s a report at The Verge that describes some other EternalBlue-based malware that has been identified. One variant, Adylkuzz, is unlikely to affect too many people as it tries to mine for a small-time crypto-currency. Interestingly, it was around before WannaCry, suggesting those bad guys weren’t thinking big enough.
But a nastier variant called UIWIX, found by Trend Micro, can infect machines without writing to storage, making it harder to detect. That suggests the rapid shutdown of WannaCry, and the subsequent actions of Microsoft in fixing the out-of-support Windows XP, have pushed malware developers to accelerate their programs in order to exploit the remaining pool of vulnerable computers.
Again, I reiterate my advice. Update your software regularly and don’t run out-of-support operating systems and applications.