Posted: October 9, 2020

EternalRed, also known as SambaCry, is the name cybersecurity experts use for a vulnerability in UNIX-based systems that is similar to the EternalBlue exploit for Windows. The vulnerability affects old versions of Samba, a software package that adds Server Message Block (SMB) functionality to systems. The EternalRed exploit has allegedly already been used successfully, but, thankfully, the threat it was used to propagate was far less harmful than the ones linked to the EternalBlue exploit.

The EternalRed vulnerability is preventable by using an up-to-date version of the Samba software package. Outdated versions, however, may be vulnerable to attacks that would allow a malicious implant to spread laterally across the compromised network.

An EternalRed Exploit Has Already Been Used in the Wild

The first attack to use the EternalRed vulnerability was launched by cybercriminals who were likely interested in cryptocurrency-related schemes. They abused EternalRed to deliver a crypto miner that harvests the hardware resources of compromised systems to mine the Monero cryptocurrency. In short, EternalRed was used successfully to create a cryptocurrency mining botnet that brought its operators about 5 XMR per day for some time.

The EternalRed vulnerability shows yet again how important it is to keep all software and drivers up to date. In addition, even UNIX-based systems need to be protected by a suitable security application that can mitigate attacks like the one carried out via the EternalRed vulnerability.