One thing from the Malwarebytes update at The worm that spreads WanaCrypt0r - Malwarebytes Labs:
The accidental kill-switch will not protect those who are running through a proxy server, nor the variants that have the link to the backdoor website removed.
UPDATE: The second argument to InternetOpenA is 1 (INTERNET_OPEN_TYPE_DIRECT), so the worm will still work on any system that requires a proxy to access the Internet, which is the case on the majority of corporate networks. Thanks to Didier Stevens for spotting what was missed by most.
Danger from this attack is far from over. We'll see variants in the next weeks at least.
Interesting article on Ars Technica | massive-cryptocurrency-botnet-used-leaked-nsa-exploits-weeks-before-wcry
Like WannaCry, this earlier, previously unknown attack used an exploit codenamed EternalBlue and a backdoor called DoublePulsar, both of which were NSA-developed hacking tools leaked in mid April by a group calling itself Shadow Brokers. But instead of installing ransomware, the campaign pushed cryptocurrency mining software known as Adylkuzz. WannaCry, which gets its name from a password hard-coded into the exploit, is also known as WCry.
Last edited by AndreTen; 16 May 2017 at 03:23.
Actually, about 25% is fake and the rest you need to double and triple check with other sources.
Hopefully everyone is patched/getting patched by now. (Although I have 1 Vista laptop that hasn't been able to download updates since last year, so it's a problem.)
Yes, reading this....makes you wonder what else is out there that we don't know about...
I cleaned a system that had been hit with a Bitcoin Miner once - scary stuff!
Assembling a botnet the size of the one that managed WannaCry and keeping it under wraps for two to three weeks is a major coup. Monday's revelation raises the possibility that other botnets have been built on the shoulders of the NSA but have yet to be identified.
Latest WanaCrypt infection rates from the MalwareTech site (the tracker site went down from 1600, but is back online now). Showing nearly 4.5k new infections/hour and rising for a total of over 350k machines infected so far since Friday.
PewPewPew (realtime tracker) is getting really noisy and unstable as the number of exploits increases.