RANSOMWARE hole fixed for XP and SRV2003, PATCH available

https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

MS issued a Patch over night to fix EOL OS's as well.

FIX IT if you still run any of those two OS's

The fact that it has been stopped spreading now doesnt mean it will not come again in a matter of hours as all they ( the bad guys ) would need to do is change the hardcoded URL in the code.

This damn thing spreads via SMB ( 445 tcp ) as well, be warned !!!

The initial patch that fixes that hole was released by MS early March 2017.

Which basically means that you should ALWAYS keep your OS up-2-date, anytime, everywhere.

Which basically means that you should ALWAYS keep your OS up-2-date, anytime, everywhere.

Best security advice there is, couldn't agree more!

As long as noone actually gets hurt (e.g. in the British hospitals that were among the first victims), I tend to find this whole thing highly amusing, though...

- fix available: check

- number of patchdays since fix: 2 (3 if including the patchday for fix release)

- Antivirus utterly useless: check

- Antivirus actually preventing the worm from NOT spreading: check

- original exploit by National Security Agency: check

Seriously, if one was to invent jokes about computer security nightmares, they'd suffer from unemployment right about now. :D

It again only got the lazy ones !

and NSA shot their own knee with this somehow as well, LoL

I'd make each and every one responsible that did not patch the system or the manager who told the Admin to NOT DO it because of MONEY to be saved ( less hours to pay ).

If you dont take care of your machine, be assured...someone will do it for you !

edit* also one more reason to use a non-standard Linux wherever you can and remove everything compilers need. Dont take chances !

edit* also one more reason to use a non-standard Linux wherever you can and remove everything compilers need. Dont take chances !

I actually like the "standard" Linux distros. apt-get update && apt-get upgrade - how much easier can it get?

The lack of a solid, fast, no-reboot-required update mechanism is one of Windows' biggest shortcomings IMO.

...

Which basically means that you should ALWAYS keep your OS up-2-date, anytime, everywhere.

It's a bit worrying to think that a lot of crucial governative systems in the world are still running obsolete Windows XP or older OS, that are out of Windows update support. :cry:

https://techviral.net/pentagon-still-running-windows-95-98-xp/

This forum and you guys are the PC nerds. Was wondering if you guys ever got hit by the real-life stuff?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

How to make sure you won’t get hit by WannaCry/WannaCrypt

https://www.askwoody.com/2017/how-to-make-sure-you-wont-get-hit-by-wannacrywannacrypt/

Best security advice there is, couldn't agree more!

Actually, the best advice is to always, always have a recent backup of your critical data ... even the best antivirus and updated OS can be sucessfully attacked; so a good backup is essential.

If you store data on the cloud, be sure it supports versioning ... for example, OneDrive and DropBox.

Was wondering if you guys ever got hit by the real-life stuff?

I once recevied two emails from a buddy, the second just reading something along the lines of "Oh, I forgot, here :)" with a .exe attachment. I clicked it, it showed a stupid fireworks animation and that was that. Except it infected my computer and now every mail *I* sent was automatically followed by a similar message.

Little harm done, fortunately, and I learned my lesson. That was around '98ish.

Since then I've seen a few infected computers, most of them easy to clean with advice from Internet forums, some requiring a complete fresh Windows installation.

Also seen a few exploits targeting webservers, some pretty fancy stuff, but very easy to get rid of in those instances I witnessed.

Oh, and my elder sister once fell for the Nigeria connection ("Dear sir or madam, I am the widow of late General Sani Abacha and need you to help me launder 9.5 million US $. If you help me you can keep 10%. But first you must help me with some legal issues. Can you send me 500 US $ in advance? Sorry, more legal issues, can you send another 1,000 US $?"), but fortunately she told me about it before sending any money. Still, close call, that money would have been gone for good.

Basically, be aware that any email and any forum post might be targeted to rip you off and steal your money or get your computer infected with Malware. As long as you don't click any files people send you, and as long as you only trust people you really know, and make sure to actually talk to them before sending money or opening files, you should be able to avoid 99.9% of threats on the Internet.

Actually, the best advice is to always, always have a recent backup of your critical data ...

Good point and absolutely essential!

But a backup doesn't replace good security. It's another line of defense in case security measures fail. It shouldn't be necessary, but it's really good to have one available.

Still, I'd rather avoid an infection in the first place. :smartass:

But a backup doesn't replace good security.

Exactly, you should have a backup, naturally, but the goal is to not to ever need it.

Just thought to share some advice and info.

If you have issues with updates corruption these are ways to fix them.

If you are experienced enough with windows you can enter through REGEDIT shown here -

There are more videos online how to carefully go about this.

Also I use this app to track MALWARE - https://www.malwarebytes.com/ :thumbup:

I also you this app to clean obsolete registry entries that are not needed, missing or corrupt - https://www.piriform.com/ccleaner/download :thumbup:

If you purchase the Pro versions you get the strong added features to ensure your system is safe and healthy.

Also take time to read through Microsoft change logs and support issues here:- https://support.microsoft.com/en-us/help/902093/how-to-read-the-windowsupdate.log-file

Might resolve any issues with a simple download patch.

Just some :helpsmilie:info for anyone that might need it.

Well, there are HOLES IN EACH AND EVERY OS, take that as a fact.

Sure, I cannot proof this above statement but be assured, over time you will see holes and holes again that have been there for weeks, month, years and some even for a decade or longer.

The bad stuff happens if one of those holes gets known and misused. Having a Zero-Day-Exploit at hand, technical knowledge, some fundings and criminal energy or task given by Command ( yes, States and Nations hack a lot ) you have ZERO chance to withstand that attack, you will for 99.99% not even find out unless you are just as knowledgable ( we aren't I assume here ) and invest considerable time in tripwiring, rootkit search, comparing and watching outbound data flow.

Yes, I got infected, I guess that was around 1993 or 1994 from a 3.5" Floppy Bootsector Virus.

Maybe I had even more that I never found out, might very well be.

Mac is not more secure, it is just targeted less, take that as a fact as well. It still is true that running a Mac will likely get you out of the line of fire...FOR NOW. As soon as enough people use a Mac the bad guys will code for Mac too and I personally think MS is as of now better in securing your OS for reasons beyond this scope and post. The bad thing with BOTH is that they are very alike among each other, there are no big differencies between Mac-to-Mac or one Windows to another Windows, homogen topologies are easier to infect in masses, it just pays better for the bad guys.

Linux instead has some advantages as it differs more between LinuxPC-2-LinuxPC. There are now over 800 variants/flavours available for home users and the Linux community is a lot faster in fixing anything security related than MS and Apple ever were and likely will be.

A code written for WIn or Mac will likely run on 99% of those, not with Linux that much.

I dont say it is secure, HELL NO. There are patches every day for Linux that proof there are holes everywhere. Many of the tools you use in Linux are written by small groups or individuals with very limited ressources and sometimes will to fix things over a long time. That is a fact too.

A bloated Ubuntu is just about the same as a Mac, make no mistake here !!!

It would be safer to build your Linux yourself from A-Z, but 99% are not capable of doing so, thats why we use SuSE, Ubuntu, Mint..etc... but those are all standardized which is a weak point in itself. Compiling your own kernel with time spent going through the kernel options for days and say YES or NO to each one is just not a practical approach for "Mom&Dad", not even for me, I know exactly 1 guy myself who does this, knows what he does and uses those servers he makes himself for running his Online Services. We talked a lot about this and it is not easy, you have ti have a funded understanding of MANY MANY things to achieve a usable OS. USually thoe are VERY SLEAK, no GUI, nothing you dont really need. Good for DNS servers, HTTP servers, SMTP..etc..

Not for Minecraft PC's and such.

Thing is, Linux is too HIGH for many to use, the hurdles are higher, the fear to use it bigger and the resistance to give in and try it out is very high. I see that very often. Most games dont run on Linux, many apps you are familiar with dont exist in the Linux ecosystem and one will have to find, like and use an alternative..another hurdle one has to overcome internally.

There is NO safe way to approach computing, there are riscs on every path you try to take, some with more likely bad things to happen ( ususally the easy ways to approach ) and some that are less likely to get fooled by bad guys.

Not many bad guys have the knowledge to code a worm or malware themselves, most are copy&paste codesters that have little to zero understanding but are still very dangerous to the general public as it is enough to just copy&paste if you have "Mom&Dad" as your target.

The only thing you can do imho is to try to get out of line of fire.

If any of the Services of most nations wanted to hijack your PC we will have zero chance to withstand as of those zero-day-exploits in use AS OF NOW that no one but the NSA,CIA,MOSSAD etc.. knows about. Good thing is, most of us are not a target for those guys. They spy your Internet data and the backbone nodes, copy each and every mail you send and websites you visit get tracked, that is very normal now and we should be aware of it. It is bad in one perspective but also protects us on the other hand. I dont fear this too much.

My advices:

Use a supported modern OS ( Win10 is far superior to 7 or 8 in security terms )

Update it DAILY if you have the time

Use tools like Wraith said ( use those you understand !!! )

Stay away from bad sites, pay for what you use, dont use cracked stuff !

Be VERY sensitive with emails, often bad thigs come form people you do actually know,

use your brains to check if an attachement does fit in the wider scope or if this is a trick.

Make Backups from your data that you dont want to loose, usually that is less than a few GB.

For Backups, heck, dont even try to Baclup your OS, its not worth it imho.

Rather spent the time and money to backup your personal unique data like letters, photos and such to a DVD, USB-Drive ( DE-ATTACH after backup !!), and or Cloude Service ( Disconnect as well after using it !! ).

Ransomware will look for Backups on your system and encrypt those too, have them disconnected ALL THE TIME if you dont Backup or Restore.

Dont use online banking if you can, period ! Using it is half way into disaster.

I typed this as a brainstorm thing with my 2nd coffee only, disregard the misorder and draw your conclusions wisely ;)

Bit

One more thing:

If WannaCry was based on a Zero_Day_Exploit this could have gone MUCH WORSE !

I fear exactly that scenario:

Waterworks, Electricity, Dams, Airports etc being targeted by ZD-Exploits.

and there is no way to protect us, that is the plain truth.

disabling SMB in windows features has been advised to guard against this particular attack, it looks like version 2 will be out soon and without a kill switch, then real damage will be done.

OMG, yes, this will be like declaring war against civilization !

Hang them HIGH ! ZERO mercy from me, I'd have them hung or chopped like in good old days and have the ravens pick the remains

Given this sort of thing is not confined to entering networks via email based malware, it's worth viewing the Shodan.io page for your IP address. They are constantly scanning the web for exposed services. If it's showing results for you that you don't expect (i.e. unless you are hosting a server, it should be a null result), then fixing them through your router's firewall should be your top priority.

Example: https://www.shodan.io/host/194.169.234.5 <---replace the IP address with your own.

Given this sort of thing is not confined to entering networks via email based malware, it's worth viewing the Shodan.io page for your IP address. They are constantly scanning the web for exposed services. If it's showing results for you that you don't expect (i.e. unless you are hosting a server, it should be a null result), then fixing them through your router's firewall should be your top priority.

 

Example: https://www.shodan.io/host/194.169.234.5 <---replace the IP address with your own.

unfortunately guessed 90% of the internet users have no idea what this means :(

That is the big gap to be closed, missing knowledge about essential things regarding interconnected computing.

Golden Years for Hackers !

YEP, it's out & in the wild... it learned...and it's dangerous !!!

PATCH your systems NOW !

https://motherboard.vice.com/en_us/article/round-two-wannacry-ransomware-that-struck-the-globe-is-back

unfortunately guessed 90% of the internet users have no idea what this means :(

 

That is the big gap to be closed, missing knowledge about essential things regarding interconnected computing.

 

Golden Years for Hackers !

Agree, but then again I'd hazard a guess that 2/3 of home users wouldn't know how to manually patch Win 10 and are only barely aware of the auto update running because it is the default setting in 10.

On the positive side, anyone that has patched since March, and I suspect that's most households given the default option is to have auto update on, is already covered, and there is now a patch for XP (never thought I'd ever use those words again! :huh: )

http://www.computerworld.com/article/3196292/windows-pcs/microsoft-issues-first-windows-xp-patch-in-3-years-to-stymie-wannacrypt.html

Aside from a handful of XP die-hards, the biggest issue is the number of corporate systems that are either stuck on XP, or are on something newer but are earlier than March in their security patch level (not good practice, but certainly common to be a bit behind on the patch schedule).

Flying Penguin,

Win10 wasnt even targeted by WC as its security structure is different. Only Pre-10 is targeted by WC ( as of now ).

Gesendet von iPhone mit Tapatalk

Flying Penguin,

Win10 wasnt even targeted by WC as its security structure is different. Only Pre-10 is targeted by WC ( as of now ).

 

 

 

Gesendet von iPhone mit Tapatalk

You're right, the EternalBlue element limits the current iteration of WC to W8 and earlier only , I was thinking of DoublePulsar (the backdoor also installed by the current incarnation of WC), which does impact W10 without the March security update.

Either way, exposed SMB is going to get you hurt so firewall it off and patch, patch, patch! :thumbup:

There a ten-thousands of industrial machines like CNC milling, cutting, transporters, sorters etc etc etc that run on Windows XP ( embedded mostly ). One of my customers sells such machines worldwide, either still MS-DOS or XP based system with Siemens Logo as the brain.

It is very costly to retrofit those machines and the customer, usually big companies in the steel milling and cutting branch, do not want to power down a machine at all...that sort of thing.

I would like to know if this was the case with Renault in France. Were those Roboters in those plants XP driven, likely yes. Were they TCP connected, very likely yes. SMB ? bet on it !

That is far more dangerous and utterly costly for the companies who got hit.

Many boards may not run anything but those two old and outdated OS's, the controller cards are still either ISA or PCI based to make it even harder to upgrade on the fly. That is rather a 50k€+ endavour no one likes to do unless they learned the lessons.

I am gonna phone them up now and ask if all their customers are still happy or if Abu Dhabi called in with " OUR FREAKING PLASMA CUTTER IS RANSOMED" LoL.

It will only continue to get worse, more NSA tools are out there being used by villains, this is just the beginning of what is to come.

 

Lets hope it encourages all manufacturers and corporations to fix their back doors and patch known vulnerabilities

+1