Exploit.Python.Agent.w

Detect Date 11/11/2019
Class Exploit
Platform Python
Description

This modification consists of malware that exploits the vulnerability in an algorithm of the SMB protocol that is implemented in Windows operating systems. The malware is more commonly known as EternalBlue. If the attack succeeds, the intruder can execute his code in the name of the “system” user.

Geographical distribution of attacks by Exploit.Python.Agent.w modification
Geographical distribution of attacks during the period from 11 November 2018 to 11 November 2019

Top 10 countries with most attacked users (% of total attacks)

  Country Percentage of users*
1 Russian Federation 21.08
2 China 18.90
3 Iran, Islamic Republic of 16.44
4 Vietnam 8.34
5 India 7.36
6 Egypt 6.60
7 Kenya 2.77
8 Bangladesh 2.64
9 Thailand 2.47
10 Indonesia 1.32

* Percentage of all unique Kaspersky users worldwide who have been attacked by this malware