Samba flaw could spread WannaCry-like worm, warns DHS

More than 100,000 machines could be at risk

A new flaw has been discovered that could be used by a worm similar to the one which spread the WannaCry ransomware earlier this month, researchers have said.

The Department of Homeland Security in the USA said that the flaw, in free Linux and Unix networking software Samba, could be exploited to gain control of affected computers. Unlike WannaCry, most of the vulnerable machines belong to home users.

Reuters talked to cybersecurity firm Rapid7, which said that it had found more than 104,000 computers running vulnerable versions of Samba - and there could be many more. Almost 90 per cent were running older versions that could not be patched.

Although there are no signs of attackers exploiting Samba - yet - Rapid7 said that it had successfully built malware that would do so in just 15 minutes. In a blog post, the firm suggested that some users may be running Samba without realising it.

The Samba team has released a security update that addresses the flaw in all versions of the programme from 3.5.0 onwards. As a workaround, users can add the parameter 'nt pipe support = no' to the [global] section of smb.conf, and restart Samba. Doing so prevents clients from accessing any named pipe endpoints. However, this can disable some functionality for Windows clients.
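One way to audit whether the workaround above is actually in effect in a given smb.conf, as an added example that is not from the article or the Samba project. The function names and sample configurations are hypothetical, and the check does not follow include directives; it treats a setting that is commented out or placed outside [global] as not applied.

```python
import re

# Boolean spellings documented in smb.conf(5); other values are reported as unknown.
_FALSE, _TRUE = {"no", "false", "0"}, {"yes", "true", "1"}

def _norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()

def _logical_lines(text):
    """Join physical lines that end in a backslash continuation."""
    buf = ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1]
        else:
            yield buf + raw
            buf = ""
    if buf:
        yield buf

def nt_pipe_support(text):
    """Return 'no', 'yes', 'unknown' or 'unset' for the [global] setting."""
    section, state = None, "unset"
    for line in map(str.strip, _logical_lines(text)):
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)      # only the first '=' is significant
        if _norm(key) == "ntpipesupport":    # a later occurrence overrides
            v = value.strip().lower()
            state = "no" if v in _FALSE else "yes" if v in _TRUE else "unknown"
    return state

def workaround_applied(text):
    """True only when the effective [global] value is an explicit 'no'."""
    return nt_pipe_support(text) == "no"

# Constructed sample configurations (not from any real host).
HARDENED = "[Global]\n  workgroup = HOME\n  NT Pipe Support = No\n[media]\n  path = /srv/media\n"
COMMENTED = "[global]\n  ; nt pipe support = no\n"
WRONG_SECTION = "[global]\n  workgroup = HOME\n[media]\n  nt pipe support = no\n"

if __name__ == "__main__":
    for name, conf in [("hardened", HARDENED), ("commented", COMMENTED), ("wrong section", WRONG_SECTION)]:
        print(f"{name}: nt pipe support = {nt_pipe_support(conf)}")
```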

WannaCry is encryption-based ransomware that was spread through an NSA tool called EternalBlue, leaked by the Shadow Brokers hacking group. It became big news for affecting NHS computer systems, but spread through many other corporate networks before being brought under control.

In a recent web seminar with Computing, Malwarebytes warned, "We can expect more attacks where WannaCry came from," explaining that cyber threats, like viruses in the real world, evolve over time.