Technology
BlueKeep mass attacking vulnerable machines
San Francisco, Nov 4
The "BlueKeep" remote code execution vulnerability, which could have an effect similar to the WannaCry bug from 2017, is now being actively exploited against vulnerable machines, which are apparently being compromised for cryptocurrency mining, according to media reports.
The BlueKeep vulnerability exists in unpatched versions of Windows Server 2003, Windows XP, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2.
According to security researcher Kevin Beaumont, several honeypots in his EternalPot RDP honeypot network started to crash and reboot.
They've been active for almost half a year and this is the first time they came down. For some reason, the machines in Australia did not crash, the researcher said in a tweet, Bleeping Computer reported on Sunday.
Security researchers, including Beaumont, who originally named the vulnerability, and Marcus Hutchins, also known as "MalwareTech", who was responsible for hitting the kill switch that stopped the WannaCry bug, have confirmed that a widespread BlueKeep exploit attack is now underway.
Hutchins was quoted by Wired as saying that "BlueKeep has been out there for a while now. But this is the first instance where I've seen it being used on a mass scale."
Interestingly, BlueKeep has the ability to spread itself from one machine to another, while the attackers are searching for vulnerable unpatched Windows systems that have the Remote Desktop Services (RDP) port 3389 exposed to the Internet.
For now, though, this looks to be an attack campaign with a cryptocurrency miner payload, according to Forbes.