Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsDesktop computingMassive global ransomware attack affecting 74 countries and counting
View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 5 | 6 | 7 | 8 | 9 | 10 
nathan
5695 posts

Uber Geek
Inactive user


  #1783637 17-May-2017 12:36
Send private message

Rikkitic:

 

Does Win 10 require patching? I thought it wasn't vulnerable.

 

 

 

 

The exploit code used by WannaCrypt was designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this attack.

 

You should install the latest Quality Update for Windows 10.



nathan
5695 posts

Uber Geek
Inactive user


  #1783639 17-May-2017 12:37
Send private message

gzt: What is the initial vector? Word document or executable?

 

We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly possible explanations for the spread of this ransomware:

 

  • Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
  • Infection through SMB exploit when an unpatched computer is addressable from other infected machines

MadEngineer
4274 posts

Uber Geek

Trusted

  #1783706 17-May-2017 14:35
Send private message

Pretty sure you've got it right there. There's a google search you can perform that provides links to infected websites that are used to host the payload as linked to in the email.

I'm not sure iof what is generating the spam in the first place but likely from pwnd mailboxes.




You're not on Atlantis anymore, Duncan Idaho.



solutionz
589 posts

Ultimate Geek
Inactive user


  #1784107 18-May-2017 12:17
Send private message

nathan:

 

gzt: What is the initial vector? Word document or executable?

 

We haven’t found evidence of the exact initial entry vector used by this threat, but there are two scenarios that we believe are highly possible explanations for the spread of this ransomware:

 

  • Arrival through social engineering emails designed to trick users to run the malware and activate the worm-spreading functionality with the SMB exploit
  • Infection through SMB exploit when an unpatched computer is addressable from other infected machines

 

Microsoft is it's own worst enemy actively allowing Malware to be advertised within its own products.

 

See current Skype ad below which directs to one of those fake anti-virus malware sites:

 

 

Not to mention the quantity of dubious Apps in the Windows Store last time I looked; unsurprising why people are so concerned about Windows 10 telemetry and increased advertising pushed to the desktop / Explorer.

freitasm
BDFL - Memuneh
79267 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1784152 18-May-2017 12:21
Send private message

It's money over sense/responsibility. Same with Stuff, NZ Herald and others running these sponsored links.

 

Meanwhile, someone added Geekzone to the Easylist and blocks everything (not only ads but other scripts too). Not because we distribute malware but because this person thinks he's the only one to dictate what we should show. And yes, he's a Geekzone registered user.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

tripp
3848 posts

Uber Geek

Trusted
Lifetime subscriber

  #1784166 18-May-2017 12:31
Send private message

freitasm:

 

It's money over sense/responsibility. Same with Stuff, NZ Herald and others running these sponsored links.

 

Meanwhile, someone added Geekzone to the Easylist and blocks everything (not only ads but other scripts too). Not because we distribute malware but because this person thinks he's the only one to dictate what we should show. And yes, he's a Geekzone registered user.

 

 

 

 

I bet he also does not pay a subscription :P 

vulcannz
436 posts

Ultimate Geek
Inactive user


  #1784588 19-May-2017 08:58
Send private message

clinty:


I imagine by now most good AV signatures have been updated

Clint

 

 

 

Signatures were available for both the malware and the SMB attack around mid-April from some security vendors (well before the big outbreaks). For all the frothing at the mouth about this malware suddenly appearing it was known about already.

 

It boils down to people have a combination of : old unpatched OSs/ bad email security-anti-spam / poor network security / and poor desktop AV.

 

 

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
nathan
5695 posts

Uber Geek
Inactive user


  #1785026 20-May-2017 10:17
Send private message

vulcannz:

 

clinty:


I imagine by now most good AV signatures have been updated

Clint

 

 

 

Signatures were available for both the malware and the SMB attack around mid-April from some security vendors (well before the big outbreaks). For all the frothing at the mouth about this malware suddenly appearing it was known about already.

 

It boils down to people have a combination of : old unpatched OSs/ bad email security-anti-spam / poor network security / and poor desktop AV.

 

 

 

 

do you have a source that shows that the AV signatures to understand "WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY" were available prior to May 12 please?

freitasm
BDFL - Memuneh
79267 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1785041 20-May-2017 11:45
Send private message

nathan:

 

do you have a source that shows that the AV signatures to understand "WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY" were available prior to May 12 please?

 

 

From Symantec:

 

"Symantec Endpoint Protection (SEP) and Norton have proactively blocked any attempt to exploit the vulnerabilities used by WannaCry, meaning customers were fully protected before WannaCry first appeared. SEP14 Advanced Machine Learning proactively blocked all WannaCry infections on day zero, without any updates."




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

nathan
5695 posts

Uber Geek
Inactive user


  #1785370 21-May-2017 02:28
Send private message

freitasm:

 

nathan:

 

do you have a source that shows that the AV signatures to understand "WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY" were available prior to May 12 please?

 

 

From Symantec:

 

"Symantec Endpoint Protection (SEP) and Norton have proactively blocked any attempt to exploit the vulnerabilities used by WannaCry, meaning customers were fully protected before WannaCry first appeared. SEP14 Advanced Machine Learning proactively blocked all WannaCry infections on day zero, without any updates."

 

 

that's not a signature.  I'm curious to know more about this piece:

 

"Signatures were available for both the malware and the SMB attack around mid-April from some security vendors (well before the big outbreaks). " 

vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785781 22-May-2017 09:31
Send private message

nathan:

 

vulcannz:

 

clinty:


I imagine by now most good AV signatures have been updated

Clint

 

 

 

Signatures were available for both the malware and the SMB attack around mid-April from some security vendors (well before the big outbreaks). For all the frothing at the mouth about this malware suddenly appearing it was known about already.

 

It boils down to people have a combination of : old unpatched OSs/ bad email security-anti-spam / poor network security / and poor desktop AV.

 

 

 

 

do you have a source that shows that the AV signatures to understand "WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY" were available prior to May 12 please?

 

 

Sure...

 

https://support.sonicwall.com/kb/229442

 

 

If you are a SonicWall customer, and you have an active Gateway Anti-Virus subscription, your SonicWall firewall has been protecting your network from WannaCry (also known as WanaCrypt0r or WannaCrypt) ransomware since April 20, 2017.

 

There are also IPS signatures for the worm side of things...

 

 

 

https://blog.sonicwall.com/2017/05/sonicwall-protects-customers-latest-massive-wannacry-ransomware-attack/

 

 

 

I suspect there will be other vendors with similar stuff, as the IPS signatures were derived from the leaked NSA hacks. And most security vendors having a group where they share signature data. Sandbox technology will also pick up such things (and then provide a source to derive new signatures).

freitasm
BDFL - Memuneh
79267 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #1785783 22-May-2017 09:35
Send private message

I've updated the previous post to show the image - the poster updated over it to show a link. No problem.

 

Folks, remember that now that we are serving only HTTPS if you add images from HTTP these will not appear as most browsers will deem these "unsafe".




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

vulcannz
436 posts

Ultimate Geek
Inactive user


  #1785792 22-May-2017 09:45
Send private message

Yeah sorry saw the image didn't work, so posted the link. It's monday, cold, and caffeine is still kicking in.

1 | ... | 5 | 6 | 7 | 8 | 9 | 10 
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright