Marcus Hutchins, slayer of WannaCry worm, pleads guilty to malware charges

Then-23-year-old security researcher Marcus Hutchins in his bedroom in Ilfracombe, UK, in July 2017, just weeks before his arrest on malware charges. (credit: Chris Ratcliffe/Bloomberg via Getty Images)

short post. “Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins was charged in August 2017 with creating Kronos, a banking trojan that stole online bank account passwords from infected computers. A superseding indictment filed 10 months later charged him with 10 felony counts that alleged he created a second piece of malware called UPAS Kit. Hutchins, whose online persona MalwareTech attracts more than 143,000 followers on Twitter, had a league of vocal defenders claiming the allegations were false.


Unpatched systems at big companies continue to fall to WannaMine worm

This old mine is still yielding somebody Monero. (credit: Max Pixel (CC))

the NotPetya attack that affected companies worldwide a month later, and Adylkuzz, a cryptocurrency-mining worm that began to spread even before WannaCry. Other cryptocurrency-mining worms followed, including WannaMine, a fileless, all-PowerShell-based, Monero-mining malware attack that threat researchers have been tracking since at least last October. The servers behind the attack were widely published, and some of them have since gone offline.

But a year later, WannaMine is still spreading. Amit Serper, head of security research at Cybereason, has just published research into a recent attack on one of his company’s clients, a Fortune 500 company that Serper told Ars was heavily hit by WannaMine. The malware affected “dozens of domain controllers and about 2,000 endpoints,” Serper said; it gained its initial foothold through an unpatched SMB server.
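For readers who want to check their own hosts for the two conditions WannaMine depends on, the following PowerShell assessment is an added example; it is not code from the article or from Cybereason's research. It assumes that the "unpatched SMB server" above means a host still exposing SMBv1 (the protocol the WannaCry-era EternalBlue exploit targets), that PowerShell script block logging (Event ID 4104) is the place to look for fileless PowerShell, and that the indicator strings in `$patterns` are plausible download-and-execute and miner markers rather than a published signature. Run it as an administrator on a Windows 8/Server 2012 or later host.

```powershell
# Added example, not the article's or Cybereason's code.
# Reports: (1) whether SMBv1 is still enabled, (2) whether script block
# logging is on, (3) recent 4104 script blocks matching miner-like patterns.
#Requires -RunAsAdministrator

$findings = @()

# 1. SMBv1 exposure. EnableSMB1Protocol is present on Windows 8/2012 and later.
#    Assumption: this is the "unpatched SMB" vector WannaMine used here.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings += 'SMBv1 server protocol is ENABLED; disable with: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
}

# 2. Script block logging. Without it, fileless PowerShell leaves almost no trace.
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
$sbl = (Get-ItemProperty -Path $sblKey -ErrorAction SilentlyContinue).EnableScriptBlockLogging
if ($sbl -ne 1) {
    $findings += "Script block logging is OFF; enable it via GPO, or: New-Item '$sblKey' -Force; Set-ItemProperty '$sblKey' -Name EnableScriptBlockLogging -Value 1"
}

# 3. Hunt the last 7 days of 4104 events for download-and-run or mining patterns.
#    These indicator strings are illustrative assumptions, not a vetted signature.
$patterns = @(
    'DownloadString', 'DownloadFile', 'Invoke-Expression', '\bIEX\b',
    '-EncodedCommand', '-enc\b', 'FromBase64String',
    'stratum\+tcp://', 'xmrig', 'cryptonight'
)
$regex = $patterns -join '|'

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PowerShell/Operational'
    Id        = 4104
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

foreach ($e in $events) {
    # For event 4104, Properties[2] is the ScriptBlockText field.
    $text = [string]$e.Properties[2].Value
    if ($text -match $regex) {
        $snippet = $text -replace '\s+', ' '
        if ($snippet.Length -gt 160) { $snippet = $snippet.Substring(0, 160) }
        $findings += ('Suspicious script block at {0}: {1}' -f $e.TimeCreated, $snippet)
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Disabling SMBv1 removes the EternalBlue-class exposure regardless of patch state, but it is not a substitute for installing the MS17-010 update on every host; the script reports the protocol state, not the patch state, because the relevant KB numbers differ by OS version. The 4104 scan only finds what script block logging has already recorded, so on a host where step 2 reports logging off, step 3 will be empty rather than clean.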
