"BlueKeep" attack hits unpatched Windows PCs
2019-11-04 18:09 by Daniela
Security researchers have spotted the first mass-hacking campaign using the BlueKeep exploit; however, the exploit is not being used as a self-spreading worm, as Microsoft had feared it would be.
In May this year, Microsoft released a patch for the highly critical remote code execution flaw in its Windows Remote Desktop Services that could be exploited remotely to take full control of vulnerable systems just by sending specially crafted requests over RDP.
But so far, the widespread BlueKeep hacking merely installs a cryptocurrency miner, leeching a victim's processing power to generate cryptocurrency. And rather than a worm that jumps unassisted from one computer to the next, these attackers appear to have scanned the internet for vulnerable machines to exploit. That makes this current wave unlikely to result in an epidemic.
"BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale," says Marcus Hutchins, a malware researcher for security firm Kryptos Logic who was one of the first to build a working proof-of-concept for the BlueKeep vulnerability. "They're not seeking targets. They're scanning the internet and spraying exploits."