[mdkdog]

It looks to me like common stupidity...people opening attachments that they should not be opening. No need to involve CIA NSA or other tree letters agency hacking tool...just old school phishing. I see this happening much to often....people opening *.pdf.js attachment. No need for another conspiracy theory...stupidity explains it all. Just my 50¢.

[robertfw]

It looks like you have not done any "looking" at this at all. This is a worm that is using the ETERNALBLUE (and possibly other) exploits to infect all vulnerable machines on a network without user interaction

plenty of stupidity for sure, but the stupidity is at the number of unpatched systems

[mdkdog]

My bad...the article is not really clear thou... My first comment...and my first fail... /me sad!

[hoschicz]

It doesnt involve only pdf.js file, the key is a bug in samba that means that all you need to get infected is to connect to an infected network.

[toyg]

Not in Samba, in the SMB protocol implementation on Windows.

Samba servers are safe.