NSA Malware ‘Infects Nearly 200,000 Systems’

An attack tool developed by the US National Security Agency (NSA) and released online earlier this month has already been used to infect nearly 200,000 systems worldwide, with the number rising by nearly 80,000 over the past weekend alone, researchers said.

The Doublepulsar exploit tool had infected 106,410 systems as of Friday, with the figure rising to 183,107 by Monday, said Binary Edge, a Swiss computer security firm.

‘Beautifully designed’

The US was by far the biggest target, with nearly 70,000 infections, followed by Hong Kong with fewer than 10,000.

Binary Edge said it scanned Internet hosts worldwide that had port 445 open – the port used by Doublepulsar – and applied a detection script developed by security company Countercept.

Binary Edge said Doublepulsar is “beautifully designed” and doesn’t require much technical sophistication to use, meaning online criminals have been able to rapidly adopt it since its release on 7 April.

The findings are a particular cause for concern since the security vulnerability exploited by Doublepulsar was patched in the MS17-010 fix released in Microsoft’s March update, a full month before the exploit was made public.

Ease of use

Doublepulsar is the payload of a number of NSA infection tools and, once a system has been exploited, allows an attacker to execute arbitrary code, effectively delivering complete control of the system.

Industry observers compared it to Conficker, a computer worm first detected in 2008 that spread widely and has proven particularly difficult to eradicate.

The difference, however, is that Doublepulsar and the other NSA tools are so easy to use, with researchers noting that step-by-step walkthroughs on their use have been posted on YouTube.

Doublepulsar and other materials allegedly stolen from the NSA have been published over the past several months by a group calling itself Shadow Brokers.

The most recent release included presentations and other materials suggesting the NSA compromised systems linked to the international SWIFT money transfer system in order to trace transfers linked to criminal or militant groups.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.
