{"id":55933,"date":"2024-04-26T15:06:22","date_gmt":"2024-04-26T15:06:22","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35817\/Millions-Of-IPs-Remain-Infected-By-USB-Worm-Years-After-Its-Creators-Left-It-For-Dead.html"},"modified":"2024-04-26T15:06:22","modified_gmt":"2024-04-26T15:06:22","slug":"millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/","title":{"rendered":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/zombies-grave-800x532.jpg\" alt=\"Millions of IPs remain infected by USB worm years after its creators left it for dead\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/04\/zombie-worm-continues-to-infect-millions-of-ips-years-after-it-was-left-for-dead\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">46<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 449:single\/related:940c7897a57959bd868db788006003e9 --><!-- empty --><\/p>\n<p>A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday.<\/p>\n<p>The worm\u2014which first came to light in a <a href=\"https:\/\/news.sophos.com\/en-us\/2023\/03\/09\/border-hopping-plugx-usb-worm\/\">2023 post<\/a> published by security firm Sophos\u2014became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. In turn, those drives would infect any new machine they connected to, a capability that allowed the malware to spread without requiring any end-user interaction. Researchers who have tracked PlugX since at least 2008 have said that the malware has origins in China and has been used by various groups tied to the country\u2019s Ministry of State Security.<\/p>\n<h2>Still active after all these years<\/h2>\n<p>For reasons that aren\u2019t clear, the worm creator abandoned the one and only IP address that was designated as its command-and-control channel. With no one controlling the infected machines anymore, the PlugX worm was effectively dead, or at least one might have presumed so. The worm, it turns out, has continued to live on in an undetermined number of machines that possibly reaches into the millions, researchers from security firm Sekoia <a href=\"https:\/\/blog.sekoia.io\/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet\/\">reported<\/a>.<\/p>\n<p>The researchers purchased the IP address and connected their own server infrastructure to \u201csinkhole\u201d traffic connecting to it, meaning intercepting the traffic to prevent it from being used maliciously. Since then, their server continues to receive PlugX traffic from 90,000 to 100,000 unique IP addresses every day. Over the span of six months, the researchers counted requests from nearly 2.5 million unique IPs. These sorts of requests are standard for virtually all forms of malware and typically happen at regular intervals that span from minutes to days. While the number of affected IPs doesn&#8217;t directly indicate the number of infected machines, the volume nonetheless suggests the worm remains active on thousands, possibly millions, of devices.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>\u201cWe initially thought that we will have a few thousand victims connected to it, as what we can have on our regular sinkholes,\u201d Sekoia researchers Felix Aim\u00e9 and Charles M wrote. \u201cHowever, by setting up a simple web server we saw a continuous flow of HTTP requests varying through the time of the day.\u201d<\/p>\n<p>They went on to say that other variants of the worm remain active through at least three other command-and-control channels known in security circles. There are indications that one of them may also have been sinkholed, however.<\/p>\n<p>As the image below shows, the machines reporting to the sinkhole have broad geographic disbursement:<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plug-infection-map.png\" class=\"enlarge\" data-height=\"1026\" data-width=\"1945\" alt=\"A world map showing country IPs reporting to the sinkhole.\"><img loading=\"lazy\" decoding=\"async\" alt=\"A world map showing country IPs reporting to the sinkhole.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plug-infection-map-640x338.png\" width=\"640\" height=\"338\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plug-infection-map-1280x675.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plug-infection-map.png\" class=\"enlarge-link\" data-height=\"1026\" data-width=\"1945\">Enlarge<\/a> <span class=\"sep\">\/<\/span> A world map showing country IPs reporting to the sinkhole.<\/div>\n<\/figcaption><\/figure>\n<p>A sample of incoming traffic over a single day appeared to show that Nigeria hosted the largest concentration of infected machines, followed by India, Indonesia, and the UK.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plugx-sinkhole-by-country.png\" class=\"enlarge\" data-height=\"535\" data-width=\"1622\" alt=\"Graph showing the countries with the most affected IPs.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Graph showing the countries with the most affected IPs.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plugx-sinkhole-by-country-640x211.png\" width=\"640\" height=\"211\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plugx-sinkhole-by-country-1280x422.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/plugx-sinkhole-by-country.png\" class=\"enlarge-link\" data-height=\"535\" data-width=\"1622\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Graph showing the countries with the most affected IPs.<\/div>\n<\/figcaption><\/figure>\n<p>The researchers wrote:<\/p>\n<blockquote>\n<p>Based on that data, it\u2019s notable that around 15 countries account for over 80% of the total infections. It\u2019s also intriguing to note that the leading infected countries don\u2019t share many similarities, a pattern observed with previous USB worms such as RETADUP which has the highest infection rates in Spanish spelling countries. This suggests the possibility that this worm might have originated from multiple patient zeros in different countries.<\/p>\n<\/blockquote>\n<p>One explanation is that most of the biggest concentrations are in countries that have coastlines where China\u2019s government has significant investments in infrastructure. Additionally many of the most affected countries have strategic importance to Chinese military objectives. The researchers speculated that the purpose of the campaign was to collect intelligence the Chinese government could use to achieve those objectives.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>The researchers noted that the zombie worm has remained susceptible to takeover by any threat actor who gains control of the IP address or manages to insert itself into the pathway between the server at that address and an infected device. That threat poses interesting dilemmas for the governments of affected countries. They could choose to preserve the status quo by taking no action, or they could activate a self-delete command built into the worm that would disinfect infected machines. Additionally, if they choose the latter option, they could elect to disinfect only the infected machine or add new functionality to disinfect any infected USB drives that happen to be connected.<\/p>\n<p>Because of how the worm infects drives, disinfecting them risks deleting the legitimate data stored on them. On the other hand, allowing drives to remain infected makes it possible for the worm to start its proliferation all over again. Further complicating the decision-making process, the researchers noted that even if someone issues commands that disinfect any infected drives that happen to be plugged in, it\u2019s inevitable that the worm will live on in drives that aren\u2019t connected when a remote disinfect command is issued.<\/p>\n<p>\u201cGiven the potential legal challenges that could arise from conducting a widespread disinfection campaign, which involves sending an arbitrary command to workstations we do not own, we have resolved to defer the decision on whether to disinfect workstations in their respective countries to the discretion of national Computer Emergency Response Teams (CERTs), Law Enforcement Agencies (LEAs), and cybersecurity authorities,\u201d the researchers wrote. \u201cOnce in possession of the disinfection list, we can provide them an access to start the disinfection for a period of three months. During this time, any PlugX request from an Autonomous System marked for disinfection will be responded to with a removal command or a removal payload.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35817\/Millions-Of-IPs-Remain-Infected-By-USB-Worm-Years-After-Its-Creators-Left-It-For-Dead.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":55934,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[6626],"class_list":["post-55933","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinemalwarebackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-04-26T15:06:22+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/zombies-grave-800x532.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead\",\"datePublished\":\"2024-04-26T15:06:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/\"},\"wordCount\":939,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg\",\"keywords\":[\"headline,malware,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/\",\"name\":\"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg\",\"datePublished\":\"2024-04-26T15:06:22+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg\",\"width\":800,\"height\":532},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,malware,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinemalwarebackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/","og_locale":"en_US","og_type":"article","og_title":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-04-26T15:06:22+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/04\/zombies-grave-800x532.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead","datePublished":"2024-04-26T15:06:22+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/"},"wordCount":939,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg","keywords":["headline,malware,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/","url":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/","name":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg","datePublished":"2024-04-26T15:06:22+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/04\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead.jpg","width":800,"height":532},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/millions-of-ips-remain-infected-by-usb-worm-years-after-its-creators-left-it-for-dead\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,malware,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinemalwarebackdoor\/"},{"@type":"ListItem","position":3,"name":"Millions Of IPs Remain Infected By USB Worm Years After Its Creators Left It For Dead"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55933"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55933\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/55934"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}