NOTICE: Windows patch also protects against Adylkuzz malware attack

The information below was sent to the IT Security Community on May 18, 2017.

As expected, variants on WannaCry/WannaCrypt and additional malware that exploits the recent Windows vulnerability (MS17-010) are continuing to cause problems for computers and servers around the world that have not yet been patched. You may have seen news stories about malware called Adylkuzz. Microsoft's patches for supported versions of Windows address this vulnerability as well.

Adylkuzz is causing some computers and servers around the world to perform slowly. It spreads through EternalBlue, the same Microsoft Server Message Block (SMB) exploit that WannaCry uses. Once it infects a computer, it downloads instructions, a crypto miner, and cleanup tools. It then uses the infected computer to mine for Monero, which is a virtual currency similar to Bitcoin. The only symptoms a user of the computer might notice are slow performance and loss of access to some Windows resources.

Information Assurance (IA) continues to monitor the situation. Please reassure people:

• Personal computers set for automatic Windows updates are protected against additional attacks that exploit the same vulnerability.
• Updates were distributed to MiWorkspace machines in March, so those machines are protected.
• Windows Defender Antivirus, the anti-virus software recommended for U-M use, detects and removes both WannaCry and Adylkuzz.

Action Items

• Make sure U-M systems are updated. If you are responsible for university machines running Windows, make sure the patches have been applied.
• Update Windows on your own personal computer. Keep your personal computer updated. Run Windows Update. Better yet, set your computer to update automatically.

See Microsoft's Guidance for WannaCrypt Attacks for information about the patches.

Safe Computing Remains the Best Protection

In general, the best protection for your devices is this:

• Keep your software and apps up-to-date.
• Do not click suspicious links in email.
• Do not open shared documents or email attachments unless you are expecting them and trust the person who sent them.
• Use secure, trusted networks.

For more information, see Phishing & Suspicious Email, Secure Your Devices, and Use a Secure Internet Connection on the U-M Safe Computing website.

References

• Adylkuzz hack, called larger than WannaCry, slows computers across the globe (CBS News, 5/17/17)
• Botnet using NSA's exploits could grow bigger than WannaCry (CNET, 5/17/17)
• Adylkuzz Cryptocurrency Mining Malware Spreading for Weeks Via EternalBlue/DoublePulsar (Proofpoint, 5/15/17)
• Trojan: Win32/Adylkuzz.A (Microsoft Malware Protection Center, 4/28/17)