‘ExplodingCan’ malware may affect 375,000 computers running Microsoft Windows 2003

A potential cyber-attack dubbed ‘ExplodingCan’ may affect at least 375,000 computers running Microsoft Windows 2003.

The code for the ‘ExplodingCan’ malware was stolen from the NSA by hackers who were also behind the WannaCry ransomware attacks.

Microsoft Windows 2003 servers run the Internet Information Services version 6.0 (IIS 6.0) web server, which has long been known to carry an unpatched flaw. According to security research firm Secarma, hackers will exploit this flaw to infect as many as 375,000 computers around the world.

By exploiting this flaw, the hackers behind ‘ExplodingCan’ will not only be able to gain remote access to computers but will also be able to download other malware, such as WannaCry, which will then be used to extort money from users.

“Ultimately this is in the same risk category as the WannaCry attacks. It’s another way for cyber criminals and hacking teams to access your environment and, once they’re in, the internal parts of these systems are wide open to a variety of different attack vectors,” Paul Harris, managing director of Secarma, told the Daily Mail.

The new malware will not be able to infiltrate computers running Windows 2008 or newer versions of the operating system, the research firm added.

Microsoft presently offers a custom support programme that includes regular security patches for outdated systems, for fees which can run up to $1,000 a year. However, Microsoft has also been quite vocal in urging users of such systems to upgrade to the latest Windows software, which offers the best protections.

Microsoft delayed roll-out of free WannaCry patch until Friday

According to a report published in The Financial Times in May, Microsoft allegedly delayed rollout of a free security patch against WannaCry ransomware to promote its own ‘custom support’ programme. The delay helped spread the malware’s reach to 150 countries within hours.

The WannaCry ransomware affected over 200,000 systems across 150 nations. However, the hackers behind it have warned that they will release more malicious code in June to hack into more computers and phones around the world. The hackers have also claimed that they will dump data from central banks using the SWIFT international money transfer network and will also access data related to the nuclear and missile programmes of countries like China, Russia, Iran and North Korea.

“If you have not updated software which is vulnerable to these tools, then the blunt truth is that you may be hit in the next wave. In the longer-term attackers will simply use whatever new exploit code comes along in commonly Internet facing software. For now, the best bet would be the Shadow Brokers dump,” noted researchers at Secarma in a blog post.

“Given past behaviour we made an educated guess that the next missile may be sitting right next to the last one. After all this arsenal was created allegedly to allow a nation state to enter any network of their choosing with ease. It contained exploits for many common pieces of software which are being used to power businesses today,” they added.

Copyright Lyonsdown Limited 2021
