
Leaked malware threatening Windows users everywhere

Lately, it seems like every week, there’s news of another group leaking so-called government hacking tools to the public. There’s the massive Wikileaks reveal of CIA hacks and their use by hacking groups. And the hits just keep on coming.

A group known as the Shadow Brokers has leaked alleged NSA tools used to attack and break into Windows computers. While the previously unknown tools are said to be extremely potent against earlier Windows versions, experts are saying that even Windows 10 is vulnerable.

The leaked tools include malware with codenames like EternalBlue, Oddjob, Esteemaudit, ZippyBeer, and Fuzzbunch. Most of these tools are capable of infiltrating and taking control of any pre-Windows 10 computer. If you think that usage of old Windows computers should be dwindling by now, well, think again. Market research shows that older versions of Windows were used by more than 65 percent of desktop users surfing the web last month.

Most of the exploits are said to use zero-day vulnerabilities: previously unknown software flaws that hackers are already exploiting before the software makers are made aware of them.

Security expert Matthew Hickey, co-founder and director of cybersecurity firm Hacker House, is particularly troubled by the leaks and their scope. “In about an hour or so any attacker can download a simple toolkit to hack into Microsoft based computers around the globe,” he stated.

Microsoft’s response

On April 14, Microsoft published a blog post stating that after analysis of the leaked tools dumped by the Shadow Brokers, it found that most of the exploits were already patched by security updates issued earlier. To protect against these hacks, Microsoft encourages customers to keep their computers up to date with the latest security patches.

Microsoft’s list of the tools and the corresponding patches is as follows:

| Code Name | Solution |
|---|---|
| EternalBlue | Addressed by MS17-010 |
| EmeraldThread | Addressed by MS10-061 |
| EternalChampion | Addressed by CVE-2017-0146 & CVE-2017-0147 |
| “ErraticGopher” | Addressed prior to the release of Windows Vista |
| EsikmoRoll | Addressed by MS14-068 |
| EternalRomance | Addressed by MS17-010 |
| EducatedScholar | Addressed by MS09-050 |
| EternalSynergy | Addressed by MS17-010 |
| EclipsedWing | Addressed by MS08-067 |

Additionally, Microsoft said the three remaining exploits, “EnglishmanDentist,” “EsteemAudit,” and “ExplodingCan,” cannot be reproduced on supported versions of Windows – Windows 7 and later – and customers are advised to upgrade to a supported platform as soon as possible. Note: support for Windows Vista ended recently.

As we always say, to protect yourself against zero-day attacks and security holes, make sure you apply the latest security updates and software versions as soon as possible. Also, if you’re running an outdated and unsupported version of an operating system, please stop using it and upgrade to a supported version.

Read Microsoft’s official blog post addressing the Shadow Brokers leaks here.
