Quote:A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.

That EternalBlue is still being used to spread malware nearly two years after it was patched by Microsoft points to a massive failure in patching.

"Falling behind basic security practices, like patching, is usually the main culprit in these situations," Jarno Niemela, principal researcher at F-Secure Labs told SecurityWeek. "And use of pirated software and how popular Windows is compared to other platforms are probably playing a role here."

However, he continued, "I think the biggest reason this is limited to certain countries has to do with resourcing. Security investments help ensure IT admins have time and money to create and maintain secure systems. And investments that build a culture of security is how those resources become allocated. Some parts of the world have invested in security education for decades, and we don't see this malware achieving the same prevalence in those regions."