Skip to Content
Security & privacy

Leaked malware threatening Windows users everywhere

It seems like every week, there’s news of another group leaking so-called government hacking tools to the public. There’s the massive WikiLeaks reveal of CIA hacks and their use by hacking groups. And the hits just keep on coming.

A group known as the “Shadow Brokers” has leaked alleged NSA tools used to attack and break into Windows computers. While the previously unknown tools are said to be extremely potent against earlier Windows versions, experts are saying even Windows 10 is vulnerable, as well.

The leaked tools include malware with codenames like “EternalBlue,” “Oddjob,” “Esteemaudit,” “ZippyBeer” and “Fuzzbunch.” Most of these are capable of infiltrating and taking control of any pre-Windows 10 computer. If you think these old computers should be dwindling by now, well, think again — market research shows older versions of Windows were used by more than 65% of desktop users surfing the web last month.

Most of the exploits are said to use zero-day vulnerabilities, previously unknown software exploits that are already being used by hackers even before the software makers are made aware of them.

Security expert Matthew Hickey, co-founder and director of cybersecurity firm, Hacker House, is particularly troubled by the leaks and its scope. “In about an hour or so, any attacker can download a simple toolkit to hack into Microsoft-based computers around the globe,” he stated.

Microsoft’s response

On April 14, Microsoft published a blog post stating that after analysis of the leaked tools dumped by the Shadow Brokers, it found most of the exploits were already patched by security updates issued earlier. To protect against these hacks, Microsoft encourages customers to keep their computers up to date with the latest security patches.

Microsoft’s list of patches and the corresponding tool is as follows:

Code NameSolution
EternalBlueAddressed by MS17-010
EmeraldThreadAddressed by MS10-061
EternalChampionAddressed by CVE-2017-0146 & CVE-2017-0147
“ErraticGopher”Addressed prior to the release of Windows Vista
EsikmoRollAddressed by MS14-068
EternalRomanceAddressed by MS17-010
EducatedScholarAddressed by MS09-050
EternalSynergyAddressed by MS17-010
EclipsedWingAddressed by MS08-067

Additionally, Microsoft said the other remaining exploits — “EnglishmanDentist,” EsteemAudit” and “ExplodingCan” — cannot be reproduced on supported versions of Windows (Windows 7 and later), and customers are advised to upgrade their versions to a supported platform as soon as possible. Note: Support for Windows Vista just ended recently.

Read Microsoft’s official blog post addressing the Shadow Brokers leaks here.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out