msm1267 quotes a report from Threatpost: A little more than two weeks after the latest ShadowBrokers leak of NSA hacking tools, experts are certain that the DoublePulsar post-exploitation Windows kernel attack will have similar staying power to the Conficker bug, and that pen-testers will be finding servers exposed to the flaws patched in MS17-010 for years to come. MS17-010 was released in March and it closes a number of holes in Windows SMB Server exploited by the NSA. Exploits such as EternalBlue, EternalChampion, EternalSynergy and EternalRomance that are part of the Fuzzbunch exploit platform all drop DoublePulsar onto compromised hosts. DoublePulsar is a sophisticated memory-based kernel payload that hooks onto x86 and 64-bit systems and allows an attacker to execute any raw shellcode payload they wish. "This is a full ring0 payload that gives you full control over the system and you can do what you want to it," said Sean Dillon, senior security analyst at RiskSense. Dillon was the first to reverse-engineer a DoublePulsar payload, and published his analysis last Friday. "This is going to be on networks for years to come. The last major vulnerability of this class was MS08-067, and it's still found in a lot of places," Dillon said. "I find it everywhere. This is the most critical Windows patch since that vulnerability." Dan Tentler, founder and CEO of Phobos Group, said internet-net wide scans he's running have found about 3.1 percent of vulnerable machines are already infected (between 62,000 and 65,000 so far), and that percentage is likely to go up as scans continue. "This is easily describable as a bloodbath," Tentler said.
I work for a medical billing software... (Score:3, Interesting)
company, and I think all of our Internet-facing Windows servers have been compromised. We do everything we can, but there's still processes that use tons of bandwidth with outgoing traffic that we can't stop.
Why do you have Windows hosts on the public-facing Internet??? WHY WOULD YOU DO THAT PROFOUNDLY STUPID THING?!???!?
And you can expect to find it used in the wild in about a few seconds next...
(At least, luckily it got discovered though public channels : It got published by shadowbrocker and got analysed by experts.
So at least our sysadmin have heard about it.
Security solutions vendor will try to get ways to detect and neutralize it.
If the NSA wasn't evil (Score:4, Insightful)
I guess it's a difference of philosophy. I want my computing to be as secure as possible. The NSA wants to hack anyone's system at anytime.
My philosophy is comment sense, the NSA's is pure evil considering it lessens my security.
Ah, a "just doing my job" apologist...
I think it's about time for the Butlerian Jihad
Seriously, every new technology just gives greed and hate more power. There seems to be nothing anyone can do about it, which baffles me. Why can't they catch ransomware assholes and throw them into jail for a long long time? They can do anything else but catch the bad guys. WTF - must be no MONEY in it. MONEY MONEY MONEY. That's the only arbiter of anything in our broken 'culture'.
