Adylkuzz Cryptocurrency Miner Is Not The Next WannaCry 

May 17, 2017 06:29 PM

There have been reports of another threat, known as Adylkuzz, leveraging MS17-010 to propagate to vulnerable computers. MS17-010 is the same vulnerability used by WannaCry to propagate across networks; however, this is where the similarity with Adylkuzz ends.

Symantec customers using IPS have been proactively protected against attempts to exploit MS17-010.

Cryptocurrency mining

The main purpose of Adylkuzz is to mine Monero, a cryptocurrency similar to Bitcoin. Adylkuzz installs a known cryptocurrency miner called cpuminer on compromised computers. Adylkuzz performs its mining operations in the background, so infected users are unlikely to notice its presence. However, mining operations are CPU intensive, so having a miner running on your computer could lead to performance issues.

While a nuisance, Adylkuzz does not have the same impact on compromised computers as ransomware threats, which could lead to data loss and wide-scale disruption.

Propagation

Adylkuzz leverages MS17-010, also known as EternalBlue, to compromise computers. Adylkuzz attackers scan the internet for vulnerable computers on which to install their malware. Unlike WannaCry, Adylkuzz does not have the ability to self-propagate. It was WannaCry’s ability to self-replicate that meant it spread very quickly within organizations.

Low prevalence

Due to the effectiveness of IPS in proactively blocking infections, Symantec is observing a low number of Adylkuzz infections. Symantec has blocked over 44 million attempts to exploit MS17-010 and observed only a few thousand Adylkuzz infections during May 2017.

Protection

Network-based protection
Symantec has the following IPS protection in place to block attempts to exploit the MS17-010 vulnerability:

Antivirus
