HomeWinBuzzer NewsThousands of Unpatched Windows PCs Infected with NSA Malware following Shadow Brokers...

Thousands of Unpatched Windows PCs Infected with NSA Malware following Shadow Brokers Leak

Hundreds of hackers appear to be exploiting vulnerabilities found from the Shadow Brokers leak of the NSA's hacking tools. Despite the MS17-010 patch in March, researchers suggest at least 15,000 devices have been infected due to bad update practices.


When we reported on the NSA's hacking tools last week, confirmed an investigation and later said the exploits have been patched since March. However, while the Shadow Brokers leak has brought light to an important issue, it does open up the tools to anybody who wants to use them.

Following the release, hackers from around the world have been looking to exploit the vulnerabilities, and they've been pretty successful. Phobos Group founder Dan Tentler told the Register today that a growing amount of boxes on the public internet have the NSA's DOUBLEPULSAR installed.

Over 15,000 Infected Devices

Despite Microsoft's efforts, many users still haven't updated their machines. While the latest Windows 10 is safe, Windows 7, 8.1 and Vista require intervention. XP and Server 2003 users won't find a fix at all. A preliminary scan reveals over 15,000 infections and growing.

“The polite term for what's happening is a bloodbath,” said Tentler. “The impolite version is dumpster fire clown shoes shit show. I'm hopeful this is the wakeup moment for people over patching Windows machines.”

Naturally, the NSA's priority is stealth, so naturally, DOUBLEPULSAR is difficult to detect. However, infections can be confirmed via the response to a special ping to port 445. Statistics from other researchers show an even worse picture.

Tests by Below0Day show over 30,000 instances, while others are as high as 41,000. While it's unclear how many are false positives, it's clear that this problem will only grow. Naturally, this affects a number of machines hosted with 's AWS and Microsoft Azure. However, the most prevalent were hosts in India, Italy, and the US.

Thankfully, many businesses are untouched due to strict update policies. However, it only takes one weak link to cause mayhem, so you should really think about applying MS17-010 if you haven't already.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News