By Mike Herrington
The newest malware threat doesn’t identify itself with a flashy box — and it doesn’t even ask for a ransom. It’s not noticeable, beyond making a computer run slower than usual.
The new threat is called “Adylkuzz.” It uses the same vulnerability in old versions of Windows as the recent “WannaCry” attack to gain access to your machine. This attack, however, operates in the background of computers. It installs a “miner” to generate the cryptocurrency called Monero. Cryptocurrency is a form of digital money, and you can make it with computer processing power. The more processing power you have, the more currency you can “mine.”
Some of you may be familiar with Bitcoin. Bitcoin is one of the first and most popular forms of digital currency. Digital currency is big business lately, with Bitcoin climbing in value to over $2,300 per coin. Monero is Bitcoin’s little sister, currently trading at $41 per coin. Both Bitcoin and Monero have one thing in common: They are touted to be secure, private and untraceable. A perfect currency for cyber criminals.
Monero has a process where you can use computer processing power to essentially generate more currency. They call this process “mining” and there are professional miners out there that have large server farms specifically designed for this activity and do it for a living. Like most things, it can be a lot of work. Not everybody wants to work that hard, and so “Adylkuzz” was born.
Hackers use a Windows security exploit to gain access to your computer and silently install the Adylkuzz virus. You don’t see it and it doesn’t make a peep. It installs a tiny mining application and begins to tax your CPU, using its resources for mining. Even more clever, it can spread from machine to machine across networks like WannaCry.
Thus, with no investment, hackers can have thousands of computers put to work in their “mine,” leveraging their CPUs and system resources to essentially print money for the bad guys. It’s a brilliant plan if you’re a bad guy.
The only symptom you will generally notice is that your computer runs slowly. This happens because the CPU is being taxed for mining. It can go undetected for weeks or months at a time. Adylkuzz started infecting machines around May 2 and has been found on 150,000 machines.
The upside to this threat is that it will prevent your computer from getting other viruses. Apparently, the creators of Adylkuzz didn’t want other viruses taking up the precious processing power they were trying to steal, so it will block threats like WannaCry.
Symptoms of this attack include loss of access to shared Windows resources and poor performance of your PC. At this point, most antivirus solutions that have been updated recently will detect the virus if a scan is run. It’s recommended that if you see any of these symptoms, you use your antivirus to run a scan on your machine immediately. Many will find and remove it. If that doesn’t work, there is a free product out there called Spyhunter that is reported to be effective at eliminating this threat.
This again emphasizes the importance of cyber security to business owners around the world. This is not as significant a threat as WannaCry, but it is another good reason to take proper security measures.
This threat is eliminated by good “digital hygiene.” That means not using older, unsupported operating systems like Windows XP and Server 2003. It also means keeping things up to date with regular patches and updates from Microsoft, making regular backups of all your data and running a quality antivirus solution. Securing your network with a quality firewall at the perimeter can also help protect all the machines on your network.
Mike Herrington is the manager of business development at i.t.NOW.