• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

 | 

U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

 | 

Scattered Spider targets VMware ESXi in using social engineering

 | 

China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

 | 

Allianz Life data breach exposed the data of most of its 1.4M customers

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55

 | 

Security Affairs newsletter Round 534 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Law enforcement operations seized BlackSuit ransomware gang’s darknet sites

 | 

Arizona woman sentenced for aiding North Korea in U.S. IT job fraud scheme

 | 

Operation CargoTalon targets Russia’s aerospace with EAGLET malware,

 | 

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

 | 

Koske, a new AI-Generated Linux malware appears in the threat landscape

 | 

Mitel patches critical MiVoice MX-ONE Auth bypass flaw

 | 

Coyote malware is first-ever malware abusing Windows UI Automation

 | 

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

 | 

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

 | 

Stealth backdoor found in WordPress mu-Plugins folder

 | 

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Malware
  • Cracked Windows installations are serially infected with EternalBlue exploit code

Cracked Windows installations are serially infected with EternalBlue exploit code

Pierluigi Paganini September 18, 2018

According to Avira, hundreds of thousands of unpatched Windows systems are serially infected with EternalBlue exploit code.

The EternalBlue, is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack.

The malicious code was leaked online by the Shadow Brokers hacking group that stole it from the arsenal of the NSA-linked Equation Group.

ETERNALBLUE targets the Server Message Block SMBv1 protocol on port 445, it has become widely adopted in the community of malware developers to target Windows 7 and Windows XP systems.

Microsoft addressed the flaw with the MS17-010 and also released an emergency patch for Windows XP and Server 2003 in response to the WannaCry ransomware attacks.

EternalBlue

According to a new blog post published by Avira, unpatched systems remain exposed to cyber attacks and are serially infected by threat actors.

“There are still significant numbers of repeatedly infected machines more than a year after the big WannaCry and Petya attacks,” said Mikel Echevarria-Lizarraga, senior virus analyst in the Avira Protection Lab.

“Our research has linked this to Windows machines that haven’t been updated against the NSA Eternal Blue exploit and are an open target for malware.”

The number of unpatched systems exposed online is very high, experts pointed out that most of them have been infected multiple times, they were found to run cracked Windows installations this means that they did not receive Microsoft’s security updates.

“We were researching the reasons behind a number of machines having repeated infections,” added Mikel. “We’ve found that many of these serially infected machines were running activation cracks which means that they cannot or do not want to update Windows and install updates. It also means that they did not receive the March 2018 emergency patch from Microsoft for this vulnerability.”

Avira decided to turn off the SMB1 protocol entirely on the infected machine to stop the endless infection loop.

The experts discovered around 300,000 computers affected by the issue and the Avira Protection whatever is deactivating the SMB1 protocol on around 14,000 computers daily.

The list of the top ten countries for serially infected machines is:

  • Indonesia
  • Taiwan
  • Vietnam
  • Thailand
  • Egypt
  • Russia
  • China
  • Philippines
  • India
  • Turkey

The above list doesn’t surprise the experts, according to studies from Statista, the above countries are top nations for the use of unlicensed software.

“The predominance of infected machines outside of North America and Europe roughly parallels studies from Statista on the use of unlicensed software.” concluded AVIRA.

“This study found unlicensed software rates averaging around 52 – 60% outside the United States and the European Union and fell to 16% and 28% respectively in these areas. Unlicensed software is usually unable to get the latest patches against vulnerabilities such as EternalBlue.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – EternalBlue, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Equation group ETERNALBLUE Pierluigi Paganini Security Affairs Shadow brokers WannaCry attack Windows

you might also like

Pierluigi Paganini July 29, 2025
Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data
Read more
Pierluigi Paganini July 28, 2025
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Microsoft uncovers macOS flaw allowing bypass TCC protections and exposing sensitive data

    Hacking / July 29, 2025

    U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog

    Security / July 28, 2025

    Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover

    Security / July 28, 2025

    Scattered Spider targets VMware ESXi in using social engineering

    Cyber Crime / July 28, 2025

    China-linked group Fire Ant exploits VMware and F5 flaws since early 2025

    Hacking / July 28, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT