  1.    14 May 2017 #51
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,939
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    A 'kill switch' is slowing the spread of WannaCry ransomware


    Friday’s unprecedented ransomware attack may have stopped spreading to new machines -- at least briefly -- thanks to a "kill switch" that a security researcher has activated.
    However, the ransomware also contains a kill switch that may have backfired on its developers, according to security researchers.

    Wana Decryptor infects systems through a malicious program that first tries to connect to an unregistered web domain. The kill switch appears to work like this: If the malicious program can’t connect to the domain, it’ll proceed with the infection. If the connection succeeds, the program will stop the attack.

    A security researcher who goes by the name MalwareTech found that he could activate the kill switch by registering the web domain and posting a page on it.
    A 'kill switch' is slowing the spread of WannaCry ransomware | PCWorld
  2.    14 May 2017 #52
    Join Date : Oct 2014
    Trnava
    Posts : 2,860
    Windows 10.4 Home 1709 x64

    Comodo Firewall 10 vs WannaCry Ransomware - YouTube

    As we feared in yesterday’s alert, another ransomware variant, known as Uiwix, has begun to spread by exploiting the same vulnerability in Windows SMBv1 and SMBv2 as WannaCry used. Cyber criminals are quick to incorporate vulnerabilities, especially when they have the potential to infect a large number of targets like the EternalBlue exploit has.

    As expected, this strain does not include a killswitch domain, like WannaCry did.

    We reckon that this is the first of many variants to follow, which will aim to exploit this vulnerability and infect as many devices as possible until the necessary patch is applied. Uiwix also has self-replicating capabilities, as WannaCry did.
    Security Alert: WannaCry Leaves Exploited Computers Vulnerable to Round Two - Heimdal Security Blog

    Security Alert: Uiwix Ransomware Is Here and It Can Be Worse Than Wannacry - Heimdal Security Blog
  3.    14 May 2017 #53
    Join Date : Jan 2015
    UK, Midlands
    Posts : 10,962
    Win 10 Pro (1703)

    But come Monday, things could escalate as a new variant has been detected apparently...
  4.    14 May 2017 #54
    Join Date : Jan 2014
    Posts : 1,391
    Windows 10 Pro (32-bit) 16299.15

    Quote Originally Posted by swarfega View Post
    I'm disabling SMB1 on all our Windows computers.
    Quote Originally Posted by DavidY View Post
    Just been doing the same on this laptop, having read this and also this TechNet article (which was linked from the Register post).
    It turns out that this stopped me accessing my old NAS drive (at least the way I've been using it) so I've been going round turning SMB1 back on again.

    I should perhaps have thought of that and tested it before switching it off in multiple places.

    Oh, and it turns out that when you switch Features like this back on again, it uses Windows Update, so on a laptop where Windows Update is broken, it's not so straightforward to switch on again. Luckily Shawn's tutorial to Reset Windows Update worked, although even then I had a struggle to kill off the service to run the tutorial.
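The lesson from the post above (find out what still depends on SMB1 before switching it off) as an added PowerShell example; it is not code from any poster in this thread. It assumes a Windows 8.1/10 client, an elevated session, and that you have opened your NAS or other shares first so they show up as active connections; the `-Apply` switch is this script's own.

```powershell
# Added example: audit SMB1 dependencies, then disable SMB1 only if nothing uses it.
# Default is report-only; pass -Apply to actually make the change.
param([switch]$Apply)

# 1. Outbound: active SMB connections from this PC and the dialect negotiated.
#    A device that only speaks SMB1 (e.g. an old NAS) shows a Dialect of 1.x.
#    Only *current* connections are listed, so browse to each share first.
$smb1Peers = @(Get-SmbConnection |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ServerName, ShareName, Dialect)

# 2. Inbound: does this PC still accept SMB1 from other machines?
$serverSmb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 3. Is the SMB1 optional feature installed at all?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

Write-Output "SMB1 server enabled : $serverSmb1"
Write-Output "SMB1 feature state  : $($feature.State)"
Write-Output "SMB1-only peers seen: $($smb1Peers.Count)"

if ($smb1Peers.Count -gt 0) {
    # Disabling now would cut off these shares; fix or replace them first.
    Write-Warning 'These connections negotiated SMB1 and would stop working:'
    $smb1Peers | Format-Table -AutoSize
    return
}

if (-not $Apply) {
    Write-Output 'No SMB1 connections seen. Re-run with -Apply to disable SMB1.'
    return
}

# Stop serving SMB1 immediately, then remove the feature (needs a reboot).
if ($serverSmb1) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if ($feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}
Write-Output 'SMB1 disabled. Reboot to complete feature removal.'
```

Run it on one machine and confirm your shares still work before repeating it elsewhere.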
  5.    15 May 2017 #55
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    Looking here for info on how this exploit actually gets on a PC.
    Is it by email, or infected website?
    If email, does it deliver the payload on receipt of the email, on previewing, on opening the email, or by opening an attachment?
  6.    15 May 2017 #56
    Join Date : Dec 2013
    Portsmouth Hampshire
    Posts : 1,826
    Windows 10 x86 14383 Insider Pro and Core 10240

    Quote Originally Posted by TV2 View Post
    Looking here for info on how this exploit actually gets on a PC.
    Is it by email, or infected website?
    If email, does it deliver the payload on receipt of the email, on previewing, on opening the email, or by opening an attachment?
    Malwarebytes technical analysis here:

    The worm that spreads WanaCrypt0r - Malwarebytes Labs | Malwarebytes Labs
  7.    15 May 2017 #57
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    Thanks for the link. But the article dives right in to how the exploit works and skips right over the answer to my question, like so many other articles do.

    As close as they get is this:
    "but the initial component that gets dropped on systems appears to be a worm that contains and runs the ransomware".

    So, I'm still curious. How does the exploit get "dropped on a system"?
  8.    15 May 2017 #58
    Join Date : Oct 2013
    Newport, South Wales, UK
    Posts : 1,807
    Windows 10 Pro x64 FCU - XP/Vista/Win7/Win8.1 in VM for testing

    Email, and then spread over SMB network connections - via a recently discovered vulnerability in the SMB stack, that has already been corrected in supported Windows up to 8.1 - Microsoft has also released fixes for the vulnerability for unsupported OSes such as XP, Vista and several server systems. Windows 10 has never had the vulnerability.

    Basically the bottom line is if you are up to date with your updates for Windows or have applied the patch for XP or Windows Vista you are safe - for now - expect the next worm and its payload to be more advanced.
  9.    15 May 2017 #59
    Join Date : Dec 2013
    Portsmouth Hampshire
    Posts : 1,826
    Windows 10 x86 14383 Insider Pro and Core 10240

    I think that the gaps in information given are to stop the casually curious from making themselves victims.

    Apparently email is the vector.

    You can download the thing from certain websites, and get yourself infected.

    But I am not going to give out that information either!
  10.    15 May 2017 #60
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    So, when people ask, do I tell them:
    Don't check your Email!
    Don't preview your Email! Right click and delete everything!
    Don't open ANY email!
    Or just the tired old mantra: "Don't open any attachments unless you know what they are".

 