A new malware campaign detected by Proofpoint called Adylkuzz could prove more widespread than Wanna Cry. Hundreds of thousands of PCs and servers worldwide according to Proofpoint because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) using that same vulnerability and end users will only notice their Windows machine is running slowly and that they don’t have access to shared Windows resources. Adylkuzz, a crypto currency miner is installed and used to generate cybercash for the attackers. Michael Patterson, CEO at Plixer commented below.
Michael Patterson, CEO at Plixer:
“The use of another person’s computing resources without them knowing it is still a form of theft. The concern with Adylkuzz could be that because it doesn’t lock up a computer, organizations might be less fearful of it. The problem is that slow computers can lead to less productivity which can add up quickly to significant money. IT security teams should monitor network traffic patterns enterprise wide to try and uncover reductions in SMB traffic. This is why maintaining baselines of applications using technologies like NetFlow and IPFIX can mean the difference between finding the infection in a few days versus after several months. ”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.