MSNBC: huge hacking attack spreading across Europe and Asia

Those whacky Russians. At it again with their goofball hijinks.

It’s the end of the world as we know it, and I feel fine…

…because I use Linux… :wink:
OTOH I dread going to work Monday and checking all the Windows user machines for infections and patches.

If you’re already infected then you could have a problem when you turn on your machine Monday morning. However, this version, at least, should spread no further. A researcher accidentally activated a built-in kill switch.

The authors of the malware apparently set this up so that they could turn it off worldwide if necessary, simply by registering the domain. This researcher found the domain name in the code and registered it, inadvertently, but fortunately, activating the kill switch.

As I understand it, the two concerns with Monday and next week in general are (a) that office computers that may already have been infected will be turned on Monday morning, and (b) that a new variant not affected by the kill switch will surface. In fact, according to one article I was reading, one such variant has already been identified, but it has a flaw that apparently renders it harmless.

What I wish I had a better understanding of is how effective various anti-virus programs are against these things. All the articles seem to focus on patching the OS, but the much-publicized Microsoft patch doesn’t really address the initial infection, but only its ability to spread through a LAN.

I had the same thought, and read this whole thread to see if anybody thought of answering it, much less even asking it. Like, why would anybody want to know a trivial detail like that?

I think as long as you don’t do something dumb, like clicking on a link in a phishing email, you should be protected from being “patient zero” on your LAN. The Microsoft patch should then protect you from catching someone else’s infection over the LAN. Not a perfect solution but there it is.

I think I read somewhere that it only hit XP machines, which is why it hit obsolete systems such as the underfunded British Health Service, and why the US seems to be largely untouched (at least so far).

Actually, according to Malwarebytes, it’s all over the US, but seems most prevalent in Europe and especially Russia.

I’d sure like to know how it managed to hit the NHS. They would surely be among the organizations to have an ongoing support contract with Microsoft, and would also surely have had a decent antivirus on their systems. There must have been gross stupidity involved somewhere in the system!

The most common first footing is someone clicking on a link or opening an infected attachment (often the mail messages carrying them are strikingly plausible).

But there are ways for malware to get inside a corporate network just from people visiting websites where they have ads with malware payload - the malware might just be a trojan that opens up a tiny hole - essentially acting as a client to invite other, more serious malware in.

I was speaking on Saturday to someone who is involved hands-on in the cleanup in one of the high-profile cases in the news. It’s a case of business management that takes the stance ‘this server is too important to take offline for patching’, but also won’t fund any kind of resilient option that allows parts of the system to come down at a time.

Dumb strategy. Either you make time/plans for downtime, and do it nicely, or downtime happens to you anyway, horribly.

On the anti-virus question, I just did some random Googling and it appears that the major products now have the appropriate signatures in the latest updates; for instance, Symantec and Norton customers are protected against WannaCry using a combination of technologies. Avast has a similar statement.

The NHS did have an extended support contract with MS, but the government didn’t renew it after 2015, leaving it up to the individual NHS Trusts to negotiate their own deals.

Just so.

The researcher now thinks the unregistered domain was a poor attempt at anti-analysis.

Difficult to imagine it happened under Cameron.

Why is bitcoin allowed to exist? I think any acceptance or use of this currency should be grounds for prosecution.

If that’s true, then by registering the domain, the researcher has screwed up all those sandbox environments (well, they will have to change their code to a new intentionally-unregistered domain). But by publicizing this sandboxing method, the researcher screwed the whole method up I guess because the malware makers are now all aware of it and will just register any domain that sandboxers would use as the marker.

Starting this morning, I’m unable to access the Giraffe Boards from work. I get a “Restricted website blocked” because of “mature content.”

Maybe our IT department ramped up security settings because of the hacking story.

It’s not the fact that sandboxes would use that specific domain, it’s the fact that the exploit writers know that the domain would NOT be registered. Because of this, a response back with an IP address would let the exploit know it was in a sandbox.

Today at work we had to hand in our computers to get checked by the client’s IT peeps. Mine was among the last (one of the guys involved knew perfectly well I wasn’t in much of a hurry); they happened to take it just in time for its daily check to come up (I’ve got it set to run during our lunch hour) so they decided to let that run before rebooting it. I got to sit around and watch one of them go six different colors talking about the number of laptops “found” sitting down in people’s desk drawers; apparently some of the client’s people have:
the laptop they normally use as their workstation,
plus another one they keep in a drawer,
and at least one person has two others at home (he was told to bring them tomorrow and that if he doesn’t he’ll be sent back to get them, but from what I heard they’ll be checked and returned). There were multiple people who had one they keep at home.

So that’s multiple people who have multiple company laptops. Great asset management there, guys! :smack:

Their main risk management strategy appears to be denying that there is such a thing as risk; another consultant and I are banned from all strategical meetings for our project because we dared point out risks. We’re guessing their asset management will keep on sucking, as does their IT security. Our laptops were all sparkling. Theirs… not.

Something to do with the self-evident right to trade anything of perceived value for anything of perceived value, without the government having control over it and manipulating the exchange values of a mandated medium.

I think we should not prosecute anyone for possession or use of bitcoin.

And how’s that ‘right’ working out with regard to both legal and illegal drugs?