So it appears this nasty bit of kit is using the leaked NSA vulnerability which attacks the SMB filesharing protocol behind part of the Windows network infrastructure. There have been warnings kicking about over this for weeks.
This was the focus of those critical Windows security updates in the middle of last month so it looks like someone (for one reason or another) is behind in their patching