February 19, 2024

Editors' notes

This article has been reviewed according to Science X's editorial process and policies. Editors have highlighted the following attributes while ensuring the content's credibility:

fact-checked

trusted source

proofread

Researchers spot BlueKeep worm hitting honeypots

by University of Sharjah

Security researchers are seeing the first indications of self-replicating malware or worms exploiting unpatched Windows systems vulnerable to the BlueKeep remote desktop protocol flaw.

Researchers spot BlueKeep worm hitting honeypots

Over the weekend, well-known OpenSecurity.global researcher Kevin Beaumont tweeted that his EternalPot RDP honeypots had started crash with Windows Blue Screen of Death (BSoD) in all regions they were deployed in bar Australia.

Honeypots are systems specifically set up by security researchers to catch exploit attempts.

Marcus Hutchins, a researcher who rose to instant fame after mitigating the destructive WannaCry ransomware attack and his arrest by United States authorities afterwards for alleged malware dissemination, chipped in with a preliminary analysis of the crashes.

Hutchins suspected they're due to a BlueKeep worm making the rounds.

Further analysis by Hutchins confirmed that this is a BlueKeep exploit, arriving some six months after the vulnerability was published.

The malicious code delivered by the worm downloads and executes a series of encoded Windows PowerShell commands.

These fetch another payload, an executable that runs a miner for the Monero crypto-currency.

Beaumont later said that "we found definite BlueKeep exploitation in wild across every country with a RDP honeypot (except Australia)."

He added in a blog post that there are over 724,000 internet-accessible systems that are not patched against the BlueKeep vulnerability.

Administrators should also patch internal systems against BlueKeep, as history has shown that worms can spread to these as well.

Microsoft has warned that the BlueKeep vulnerability is extremely serious, and could lead to another WannaCry malware epidemic, or worse.

Patches have been issued for vulnerable Windows systems, including Windows XP and Windows Server 2003, both of which are long out of support.

The Australian Cyber Security Centre has urged administrators to apply the available patches. as soon as possible.

Explore further

Best TV deal: Smsung's The Frame TV is under $1,000 at Amazon
66 shares

Feedback to editors

Giants pick up 5th
Giants pick up 5th

2024-07-09 19:17

Global academics slam ACTA draft
Global academics slam ACTA draft

2024-07-09 19:09

IT pros still see cloud as risky
IT pros still see cloud as risky

2024-07-09 18:48

Senate Committee Report: Dump the NBN
Senate Committee Report: Dump the NBN

2024-07-09 18:34

BIOMECHANICS & BEYOUND
BIOMECHANICS & BEYOUND

2024-07-09 18:27

Gartner: CIOs must ensure that smart machines behave ethically
Gartner: CIOs must ensure that smart machines behave ethically

2024-07-09 17:17

Harbour MSP and E3 build Melbourne data centre
Harbour MSP and E3 build Melbourne data centre

2024-07-09 17:11

Analysis: Can Apple still be the challenger brand?
Analysis: Can Apple still be the challenger brand?

2024-07-09 17:02

Column: Player revolt helped Presidents Cup and now hurts it
Column: Player revolt helped Presidents Cup and now hurts it

2024-07-09 16:52

Vocus eyes layer 3 service on NBN
Vocus eyes layer 3 service on NBN

2024-07-09 16:48

Load comments (0)