Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

0

[jpshare] A Recent Mass Scan Revealed That More than 30000 Windows Machine Infected  by National Security Agency  Backdoor DOUBLEPULSAR .DOUBLEPULSAR one of the NSA hacking tools leaked last Friday by the Shadow Brokers .

 

This Mass Scan was performed in the course of recent days by Security Researchers  from Binary Edge, a Security firm headquartered in Switzerland.

 

The NSA Tool Called DOUBLEPULSAR that is designed to provide covert, backdoor access to a Windows system, have been immediately received by Attackers .

According to researchers ,Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

security expert Matthew Hickey Said , DOUBLEPULSAR is a “multi-version kernel mode payload!” Also known as “malware downloader” which  downloading more potent malware executables on infected hosts.

Scanned More Than 107,000 Computers:

NSA implant is code-named ,DOUBLEPULSAR scanned still Now more than 107,000 Computers by Binary Edge .

Another scan don e by security firm Errata Security CEO Rob Graham  and another by researchers from Below0day  and Find Roughly 41,000 and 30,000 infected machines.

Over the past 24 hours—as additional scans have continued to detect between 30,000 and 60,000 infections

SMB exploits with DOUBLEPULSAR:

The exploits targeting SMB (Server Message Block) and NetBIOS protocol

SMB is a network file sharing protocol that allows applications on a computer to read and write (in)to files and request services from server programs in a computer network.

Security Researcher Rik van Duijn from DearBytes Explained a PoC ,“The DoublePulsar backdoor allows to inject and run any DLL (Dynamic Link Library), that way compromising the computer and using it for whatever purpose.

It is basically the default way computers are remotely managed in any environment, so a vulnerability in has huge impact.

It is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2.

That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker.

Also Read :