A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits. BlueKeep is a remote code execution vulnerability present in the Windows Remote Desktop Services and enabling remote unauthenticated attackers to run arbitrary code, conduct denial of service attacks, as well as potentially take control of vulnerable systems. Microsoft patched the RCE flaw that impacts several versions, from Windows XP, Windows Vista, and Windows 7 to Windows Server 2003 and Windows Server 2008, as part of the May Patch Tuesday. The malware’s BlueKeep scanner will immediately start probing all the IP addresses from a list delivered by the malware’s command-and-control server.
Source: https://www.bleepingcomputer.com/news/security/bluekeep-scanner-discovered-in-watchbog-cryptomining-malware/