The U.S. Department of Homeland Security on Wednesday announced the
vulnerability, which could be exploited to take control of an
affected computer, and urged users and administrators to apply a
patch.
Rebekah Brown of Rapid7, a cybersecurity company, told Reuters
that there were no signs yet of attackers exploiting the
vulnerability in the 12 hours since its discovery was announced.
But she said it had taken researchers only 15 minutes to develop
malware that made use of the hole. "This one seems to be very,
very easy to exploit," she said.
Rapid7 said it had found more than 100,000 computers running
vulnerable versions of the software, Samba, free networking
software developed for Linux and Unix computers. There are
likely to be many more, it said in response to emailed
questions.
Most of the computers found are running older versions of the
software and cannot be patched, said Brown.
Some of the computers appear to belong to organizations and
companies, she said, but most were home users.
The vulnerability could potentially be used to create a worm
like the one which allowed WannaCry to spread so quickly, Brown
said, but that would require an extra step for the attacker.
Cybersecurity researchers have said they believe North Korean
hackers were behind the WannaCry malware, which encrypted data
on victims' computers and demanded bitcoin in return for a
decryption key.
(Reporting and writing by Jeremy Wagstaff; Editing by Michael
Perry)
© 2017 Thomson Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.