Author Topic: Global virus.  (Read 1941 times)

0 Members and 1 Guest are viewing this topic.

May 13, 2017, 10:10:24 pm

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Global virus.
« on: May 13, 2017, 10:10:24 pm »
Greets!

I was just wonderin if you had any coments or views about the global hackin atack governments are victims at the moment?

Reply #1May 14, 2017, 01:42:54 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2144
  • Reputation:
    77
    • View Profile
Re: Global virus.
« Reply #1 on: May 14, 2017, 01:42:54 pm »
Hi Johyn,

Adlice Software released the following declarations :
Quote from: RogueKiller#facebook.com 12/05/2017@21:55
This is happening right now! #WannaCry #Ransomware uses #CIA exploit to propagate inside corporate networks.
Spread by #Necurs spambot, it has infected more than 45000 machines worldwide in a few hours!
More than ever, don't open Office attachments from unknown senders, and don't activate macros.

Edit: the largest ransomware infection. Ever. In history.
Quote from: RogueKiller#facebook.com 13/05/2017@09:11
In case you missed it, the malware is stills massively spreading, has hit train stations in Russia, and many companies are paralyzed because of it. Has infected 100k machines in 12 hours.

The malware is worm-like and uses a vulnerability in Windows SMBv1 protocol implementation to spread.
Ransomware WannaCry make use of a slightly modified version of ETERNALBLUE, an alleged NSA exploit.

Microsoft patched this vulnerability on March 2017 (KB4013389) on Windows Vista operating system and later but Windows XP and Windows Server 2003 were left unpatched.
Due to the conviction that the malware uses these older systems as infection pools, Microsoft released emergency patches for these (KB4012598) :
Quote from: Microsoft
"Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download."
"This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind."

It is strongly advised to install these patches as soon as possible and, if is not possible, to disable SMBv1 support on concerned systems.

Regards.

Reply #2May 14, 2017, 02:16:13 pm

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Re: Global virus.
« Reply #2 on: May 14, 2017, 02:16:13 pm »
Thanks. No clues about the origin of that malware? Nation, organisation, individual?

Reply #3May 14, 2017, 06:53:18 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2144
  • Reputation:
    77
    • View Profile
Re: Global virus.
« Reply #3 on: May 14, 2017, 06:53:18 pm »
Hi Johyn,

There is no official claims yet, but there is a high probability it's operated by a group of inexperienced malware authors.
WannaCry is pretty amateurish since it doesn't generate Bitcoins addresses per infected machine and currently make use of a kill-switch feature that was succesfully used by security researcher MalwareTech to stop the malware spread for the time being.

Version 1.0 of the malware, which was spotted on the wild on April 25, were hosted on Dropbox Cloud architecture. This made the removal of the binaries very easy.

Regards.

Reply #4May 14, 2017, 07:18:58 pm

Johyn

  • Newbie

  • Offline
  • *

  • 34
  • Reputation:
    0
    • View Profile
Re: Global virus.
« Reply #4 on: May 14, 2017, 07:18:58 pm »
Ok, thxs for you!

Reply #5May 14, 2017, 09:15:44 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2144
  • Reputation:
    77
    • View Profile
Re: Global virus.
« Reply #5 on: May 14, 2017, 09:15:44 pm »
Hi Johyn,

You are welcome.

Regards.