Researchers at Proofpoint have discovered Adylkuzz, a new virus that infects computers using the same method as Wannacry, but the target is different
The Wannacry hacker attack has now become the most talked about topic on industry sites, and beyond. On the horizon, however, there is a new hacker attack that uses the same techniques already seen in Wannacry, but for a completely different purpose: generating virtual currency.
We are talking about Adylkuzz, a new hacker attack that has been going on for a few weeks now and has affected thousands of computers worldwide. Unlike Wannacry, however, users do not know that they have been infected: the malware does not demand any ransom and, above all, it does not block access to their personal data. Although some experts are trying to create alarm around the new hacker attack, Adylkuzz is much less dangerous than Wannacry and so far it has not stolen people’s data: its only goal is to turn PCs into zombie computers, i.e. devices infected with a virus without the user’s knowledge, which allow the hacker to control them remotely and use them to generate virtual currency.
How Adylkuzz works
In order to understand how Adylkuzz works, we need to take a small step back and talk about Wannacry. As we know by now, Wannacry is the hacker attack that was launched on May 12, 2017 and infected over 300,000 computers. Victims of the virus saw a message pop up on their screen warning them that access to their computer data was blocked and that to lift the restriction they needed to pay a $300 ransom in Bitcoin, a virtual currency that is difficult to trace. In technical jargon, Wannacry is a ransomware attack that aims to make money from the poor victims who want their personal data back. To spread the virus, the hackers used Eternal Blue, a cyber weapon in the hands of the NSA (the US National Security Agency) that was stolen by a hacker group calling itself Shadow Brokers and released online so that any hacker could use it for their shady business. The cyber weapon exploits a flaw in Windows Server Message Block (SMB), the protocol the operating system uses to share files, printers and content between several interconnected computers.
Adylkuzz uses the same method as Wannacry to infect computers: it exploits the Windows SMB flaw and takes control of the PC. But unlike Wannacry it doesn’t demand any ransom; it only turns the PC into a zombie computer to generate Monero, a virtual currency similar to Bitcoin with a market of over 400 million dollars. It is potentially much less dangerous than Wannacry because it does not steal our personal data and does not require any ransom.
What is a zombie computer
The new hacker attack was discovered by Proofpoint’s cyber security experts, who reported that the virus started infecting computers as early as April 24, though until now no one had noticed its presence. Adylkuzz was developed for a single purpose: to turn devices into zombie computers. If you are wondering what zombie computers are, the answer is very simple: they are PCs that have been infected by a virus without the user being aware of it, allowing the hacker to take control of them and use them for illicit purposes. In the case of Adylkuzz, the zombie computers are connected to each other to create a botnet and start generating the virtual currency Monero.
Virtual currencies like Monero and Bitcoin are created through complicated cryptographic processes, and to generate a substantial profit it is necessary to use very powerful computers connected to each other. That’s exactly what Adylkuzz does.
Why Adylkuzz is successful
Proofpoint researchers have studied the code of the new hacker attack and found out that hackers use special programs that are able to find all the computers in the network that have the SMB flaw. Once the victim is found, it is child’s play for the hackers to infect it.
Why is Adylkuzz less dangerous than Wannacry
Do we need to be alarmed about the new Adylkuzz attack? No. And the reason is quite simple: Adylkuzz is much less impactful than Wannacry and, above all, it does not profit from users’ personal data, but only uses their computers to generate a virtual currency. The only problem with Adylkuzz is that it is difficult for users to know whether they have been infected: the virus does not give any signal, except for a general slowdown of the PC.
How to defend yourself against Adylkuzz
To defend yourself against Adylkuzz, the first thing to do is to install the MS17-010 patch that Microsoft released for Windows a few months ago to fix the flaw. In this way your computer will be safe from possible attacks made through the cyber weapon Eternal Blue. To be on the safe side, however, you might also decide to disable the SMB protocol directly. If you are not able to, no problem: just download the program WannaSmile, which will solve the problem in a few seconds. Finally, always remember to be careful when clicking on links or downloading content from the Net: behind a harmless banner ad there might be ransomware or a virus hiding that will infect your PC and take control of it.
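The two mitigations above (install MS17-010, disable SMBv1) can be checked on a Windows host with a short audit script. This is an added example, not code from the article, Proofpoint or WannaSmile; it assumes an elevated PowerShell session on Windows 8.1/10 or Server 2012 R2 or later, and the KB list it uses is an assumption to be confirmed against Microsoft's MS17-010 bulletin. It also lists enabled inbound firewall rules that open TCP 445, which the article does not mention but which a defender would want to review.

```powershell
# Audit a Windows host for the MS17-010 patch and the SMBv1 state.
# Report-only unless -DisableSmb1 is given. Run as Administrator.
param([switch]$DisableSmb1)

# KB numbers that shipped MS17-010 for several OS families. Assumed list for
# this example (not from the article); confirm against the MS17-010 bulletin.
$Ms17010Kbs = @(
    'KB4012598',               # Windows XP / Vista / Server 2003 / Server 2008
    'KB4012212', 'KB4012215',  # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012213', 'KB4012216',  # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607
)

$installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Output "MS17-010: found $($installed.HotFixID -join ', ')"
} else {
    # On Windows 10 later cumulative updates supersede these KBs and Get-HotFix
    # does not list them, so treat this as "verify manually", not "unpatched".
    Write-Output "MS17-010: none of the listed KBs found; verify via Windows Update history"
}

# The flaw Eternal Blue exploits lives in the SMBv1 code path, so check the
# server-side SMBv1 switch (Get-SmbServerConfiguration needs Windows 8 / 2012+).
$smb = Get-SmbServerConfiguration
Write-Output "SMBv1 server protocol enabled: $($smb.EnableSMB1Protocol)"

# Optional-feature state, which also covers the SMBv1 client component.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Output "SMB1Protocol optional feature: $($feature.State)" }

# Enabled inbound rules that allow TCP 445: these decide whether other hosts
# can reach SMB at all, so list them for review.
Write-Output "Enabled inbound firewall rules allowing TCP 445:"
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Profile

# Remediation step: turn off the SMBv1 server protocol when asked to.
if ($DisableSmb1 -and $smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output "SMBv1 server protocol disabled"
}
```

Disabling SMBv1 breaks access to legacy devices and shares that only speak SMBv1, so review the report before running with -DisableSmb1.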