>leave a security exploit in Winblows >it gets broken >the

>>60361428
what the fuck is this and why do i keep seeing it everywhere?

>>60362217
Ransomware distributed over windows computers by a backdoor discovered by the nsa and published to wikileaks last month. You're welcome.

>>60362512
The believe it was published by The Shadow Brokers, not Wikileaks.

>>60362615
Is it a requirement for """"""""""hacker"""""""""" groups to have fucking stupid, edgelord names?

>>60362512
>a backdoor discovered by the nsa and published to wikileaks last month
let me guess, it requires the user to run an .exe or open a .pdf or run some word macros or get hit by a javascript driveby etc? stop calling it a backdoor when it relies on user input

>>60362666
It's an SMB vulnerability, if your firewall doesn't leave port 445 open you're fine. This is why a lot of WANs like the NHS got hit

>>60362666
It actually does not. All it has to do is for the machine to be connected to an already infected machine over an internal network.

>>60362642
well the name of WannaCry is though.

>>60362512
>A backdoor implemented by the NSA, leaked and made public by hacker edgelords protesting because Trump was mean
ftfy

>>60362702
Trump is gonna be in so much trouble when NHS realises he was behind this.

>>60362702
But that's wrong?

>>60362702
>actually supporting the nsa's behavior

>>60362694
>to be connected to an already infected machine over an internal network
and how did the worm enter this intranet? by magic? i'm not convinced

File: 1493064933073.png (239KB, 696x720px) Image search: [Google]

239KB, 696x720px

>fixed a month ago
>people didn't update

>>60361428
>We will have free events for users who are so poor they couldn't pay in 6 months
what a guy

>>60362685
as always, if you secure yourself before it happens, you're safe.

just goes to show how shitty the NHS's IT department his, scary.

>>60362775
Literally a saint

"I registered the domain not knowing what it would do"
Why the fuck wouldn't you sandbox that first?
This dipstick could have made things a fuck ton worse.
He was supposedly smart enough to know how to fine the domain in the code, but not think about repercussions of real worlding that shit.

File: wannacry_03.png (27KB, 718x443px) Image search: [Google]

27KB, 718x443px

>>60361428
>implying this isnt an nsa/cia operation

lel

So is this just for W10 ? Also how would they deliver it onto the system and run it without some not knowing it or a RAT? Do you have to be dumb ?

>>60362834
I am unironically convinced of triple letter agency constant evil doing
those pedos need to be replaced

File: IMG_0360.jpg (103KB, 720x480px) Image search: [Google]

103KB, 720x480px

Another fine day for solving mysteries.

>>60362893
Xp and 7

>>60361428
>>leave a security exploit in Winblows
But that's wrong, MS patched it as soon as the leaks happened. The reason so many companies are still affected is because they didn't update their version of Windows (Server). It's literally sysadmin 101 to keep your systems patched, but there's a whole lot of lousy sysadmins in the world.

>>60362775
"Free events"

>>60362765
Here's a timeline for you.
>NSA backdoors and tools for system entry/hijacking get leaked
>some dude creates initial deployment pre-loaded with several IP ranges known or suspected to contain corporations or other large networks
>it crawls through the IPs, launching the tool at them
>any vulnerable machines that are contacted have a worm uploaded and run on them
>worm launches its own copy of NSA tool to spread to every applicable machine on the intranet
>each affected machine generates a random IP range and starts the process anew
>meanwhile, ransomware bundled in worm begins encryption and fugs the system as soon as it's done

>>60363226
thanks for clearing that up

>>60361428
Stop browsing b8 porn sites with shitty streams YOU FUCKING NEET LOSER.

>>60361428
>not updating your systems

>>60363143
...and fully half the patches microsoft has released over the past two years have been fucking malware! There's a reason people aren't fucking updating and it isn't laziness.

>>60362512
>"discovered"

The backdoor was put there and intended for exclusive use of the kikes at the ((((NSA)))) and ((((MOSSAD))))

>>60362642
maybe they want to sound like edgy skids on purpose
I mean clearly they aren't completely incompetent

>>60361428
AHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAH

Something tells me that this program was a mistake.

The "Contact Us" and the three bitcoin addresses that are hard coded.

>>60361428
>the whole fucking planet shuts down
Britain, wake up, the colonies are long gone, and you are on your deathbed

>>60362512
Windongs 10?
I have Windows 7 updates turn off and encrypted

initial infection is through a person running an infected file on the LAN, right?
Can anyone tell me why this happened in so many places at the same time?

*makes back-up*
heh...nuthing personnel scriptkiddies

>>60361428
I'm basically normie trash when it comes to technical computer shit despite being EE student.

Please explain to me in retard terms how they did this, how long this will last, will they be caught etc etc?

Thanks for your time friends :)

File: 1486763489052.jpg (134KB, 1280x720px) Image search: [Google]

134KB, 1280x720px

>>60362774
>muh update

What retards like you don't get is that Windows knowingly kept open the exploits so their NSA and CIA buddies can spy on your faggot ass for unlimited amount of time. They release the patch only when it came out in the open to save their faces. God knows how many similar and open exploits are there in Windows.

People like you are the reason why other people have to suffer.

>>60364217
burn MS HQ down when?

>Build $500 million computerized infrastructure
>Uses extremely expensive industrial hardware for various things
>Drivers are closed source.
>Windows update breaks driver, updates have to be disabled.
Something is going to have to be done about this eventually. Usually the bigger and more important the device is the worse the software is. I don't know how to fix it, force anything critical to have open drivers so they can be maintained even if the original company fails or stops supporting the product?

>consumers had 2 month to update
>sysadmins had 2 months to test update and roll it out company wide
>get surprised because exploit is seen in the wild
>/g/ loonix user believe this will be the end of Windows

>>60364297
What about just not hanging mission critical systems to the internet?
Then you would need stuxnet levels of dedication for someone to break into your network

>>60364217
>They release the patch only when it came out in the open
They released it a month before. The leaks came out in April and they patched it in March.

>>60363143
>But that's wrong, MS patched it as soon as the leaks happened.
Oh, really? So, how can anyone possibly confirm that? By getting their machine infected? Don't forget that there's no source code.

>>60363676
>>60365073

>>60365058
Do you know how old that exploit was? Keep up with news motherfucker.

>>60363913
windows 7 is super vulnerable for it.

>>60363863
malware actually has pretty decent helpdesks

File: tomorrow.png (5KB, 395x196px) Image search: [Google]

5KB, 395x196px

>>60361428
Just scheduling an update for the first time in a year and I get this.

>>60365115
Doesn't matter. Your original statement was wrong and people had 2 months to patch it and they didn't. The exploit was never used in the wild until now.

>>60361428
Thank god I'm on OSX

>>60365073
>So, how can anyone possibly confirm that?
By not having that shit working on post-march machines?

>>60365277
That exploit was leaked by Wikileaks before Trump became president. Try again pajeet!

>>60365277
>The exploit was never used in the wild until now.
That you know of.
Like you ever would.
Remember where it came from.

>>60364217

same with apple

the (((NSA))) and the israelis know all sorts of zero-day exploits, and apple periodically ""update"" the OS and iOS to remove it, only to leave others behind until they release a new update, rinse + repeat

>>60362834

lmao russkies got a taste of their own hacking medicine

>>60365342
Okay. It was never used maliciously until now.

The NSA are the good guys.

>>60365331
This one?
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396
It wasn't revealed until April. It was part of the shadow brokers dump.

>>60365301
What?

>>60363755
>on purpose
but for what purpose?

>>60365011
>What about just not hanging mission critical systems to the internet?
>Then you would need stuxnet levels of dedication for someone to break into your network
Most of this kind of stuff needs network access as well, for example a photolab machine I was once fixing a network connected to it. The software to run the machine was XP only, the terminals customers used to print photos had to be on the same network for it to work. The problem was the terminals software required internet access to function. So in the end the old XP machine controlling the printer gets internet access.

>>60362512
>wikileaks
Whoops. Normie gets his facts mixed up

>>60363226
So if the NSA wasn't spying on me, I can't get this shit?

>>60362702
>I will defend the NSA if it means I'm defending Drumpf in any capacity
Has any other president in the last 100 years garnered a cult that thinks they can do no wrong?

>>60363143
>The reason so many companies are still affected is because they didn't update their version of Windows (Server).
So let's change the subject

Why doesn't Microsoft actually fucking protect these older server versions? This planned obsolesce shit has gone too far when innocent people are getting fucked by Microsoft's incompetence

>run compromised malware with wine
>encrypts everything
Hey, at least we have good compatibility now

>>60366354
LMAO

I'm not connected to any network on my win 7, not even a printer, and am about to close some ports. Am I ok? Was never good with security shit

>>60366354
Who the fuck runs WIndows Nigger Emulator, anyway?

>>60365349
>/pol/cuckoldry
No.

>>60362642
What did you just said about hackerz bitch?
t. d4rk pen3trator

wasnt the exploit something stupid like
>if u run this exe everyone on ur network will get raped xdxd
how is this anyones fault but the retards clicking random exe files?

Don't must normie Win10 users have the "install updates autonatically" ON by default?

If that's the case they should be fine, right?

>>60365246
Really made me think

>>60367376
because the vulnerability that allows it to fuck a whole network came from the NSA and if they had spoken up it would have been patched years ago

>>60367376
No it can fuck you up even if you didn't click shit. A machine with the smb port open and voila, ur phucced

>>60367500
>>60367504
but how can they run an exe on your computer just from an open port?

>>60365073
>Don't forget that there's no source code.
that's where you're wrong, kiddo.
The exploit was released to everyone.

>>60362702
you forgot to add the russians

>>60367552
Noob

>>60362893
It's for all windows versions starting with xp.

>>60366223
If you're a neet with no friends who only browses the internet on GNU, you're safe. Otherwise, no.

>>60367552
retard

>checking for updates for hours now
>its only been 4 months
>try to visit the catalog page for the specific patch but it hangs when i click it

im fucked

>>60362799
Honestly I think these viruses are overall good for society. In essence I believe these viruses help regulate the average normie's dependence on technology. I would not want treatment from a hospital that has to shut down because their computers are out of commission. If your nurses are too incompetent to write my chart on paper, your doctor's too incompetent to perform surgery without their iPad, and your surgical robots for some godforsaken need Windows XP and an internet connection, then you deserve to get hit by this virus to ground you in reality. It's natural selection, a culling of the lusers.

The public at large has known about this vulnerability since March, that should've been plenty of time for the NHS, et al. to get their shit together.

Can we trace what organizations are being afflicted with WCry? I peronally dont think this is an autoconclusive attack, but just an opening to a bigger attack

>>60365384
>It was never used maliciously until now.
I just want to point something out here. WannaCry was stopped, yes. However, this means very little actually. The exploit used by WannaCry still exists in unpatched machines and has existed for nearly a month before the authors of WannaCry chose to execute it. Other hackers could (and were) using the same vulnerability in completely different attacks. If you were unpatched, you were open to attack by anyone for a whole month. Just because you don't have ransomware on your machine, it does not mean you were not compromised. Also, if you were unknowingly hacked prior to receiving the patch from Microsoft, you will likely remain hacked because of the advanced privileges the exploit allows. Just saying, if you didn't update until now, moniitor your shit very closely, or if in doubt, wipe it out and start new. WannaCry isn't the exploit, WannaCry simply is an example of how the exploit can be used.

>>60367552
You have no idea about anything tech related, do you?
Fucking normie

>NSA needs people to update to their latest backdoor version (now with tracking)
>use their own backdoor to launch shitty ransomware
>everyone freaks out and updates
>a few weeks later the NSA manages to 'recover a bunch of keys' to fix any damage they did

>>60367765
time to backup your files to a couple USB drives and switch to linux

>>60367982
>you were open to attack by anyone for a whole month

No. An exploit doesn't exist only when you are told about it. There a a ton of 0day exploits out there held in secret especially by cyberwarfare companies, criminal groups and government espionage teams.

They go unnoticed and unpatched for months or even years so they can be used to make money and or gain some advantage over competition.

Well I did the update for W7 and blocked 445 TCP as well disabled file printer and sharing on the same port.
So whatever if I get infected I will stop using W7 im already backing up everything to MEGA

>>60362834
sauce?

>>60365204
>windows 7 is super vulnerable for it.
Would they even bother releasing patches for Windows 7?

File: 1488553087916.png (326KB, 453x566px) Image search: [Google]

326KB, 453x566px

>>60365204
>windows 7 is super vulnerable for it.

>add firewall rule to block port 445
WOW NOW ITS SUPER INVULNERABLE

fucking fearmongerers

>>60368342
They released XP update that speaks volumes that this was known bug internally.

>>60361428
Or you know, update your fucking pc. Microsoft put a patch out back in March for all OSs back to Vista. Faggot.

>>60368381
Firewall doesn't mean shit, retard.

>>60368406
t. actual retard who doesn't know how shit works

>>60368423
>what is hole punching
Thanks for confirming you're braindead.

>>60365073
Because everyone with the updates didn't get it.. What's hard to understand about this? If your cock so erect to shitting on Microsoft? Sure they're faggots but goddamn they did their job here.

>tfwI haven't updated my PC for like 3 months

Kek

>>60368461
>what is hole punching
Ask you're mom, she'll know what it means.

>>60368461
Are you really this fucking stupid?
Hole punching requires an outgoing connection first.

>>60361428
well, tough?

>>60362834
more infections in luxemburg than in china?
that's quite suprising.

>>60368515
Good thing the worm contacts an external site before doing anything, then.

>>60368534
Alright,
>block 445 on a non-infected system
>ransomware is now btfo
>BUT HOLEPUNCHING WILL SOMEHOW DO SOMETHING
no.

>>60368575
>block 445
>any device on any network you ever connect to is infected
>gg

>>60367863

kys my man

>>60368609
are you high?

Transactions are piling up.
https://pastebin.com/hy08Eypi

>>60368632
How do they know who paid if they only have 3 addresses?

>>60368243
Isn't mega shit now? Heard after Kim's wife snatched it from him it went downhill.

>>60368628
Go be retarded on reddit.

>>60368714
>hurrr the ransomware can infect people in the internet even if you block port 445
how about you go back to retarddit

>>60368691
They don't, this piece of shit is a fucking terrible copy-paste job done by some retarded script kiddie.

>checks one random address for sandboxing, killing it globally if the address is registered
>bitcoin addresses aren't generated per computer

It is a shame my W7 with killed updates and defender hidden behind router + firewar combo havent caught this. It would be perfect opportunity for me to finally leave windows as gaming machine, switch to my linux and stop being manchild.

Does it encrypt whole hdd (even unknown partitions for windows) or just selected filesystems / files?

Atm i would lose my saved game worth on ~16 hours which would be sad.

Maybe my dad will download something from internet and hopefully it will kill my own pc too.

Also these attacks are godsend. Everything runs on windows and this is the only thing which will force people to care. With a bit of luck, it will push more people into open source.

Next thing we need to kill are intels blackboxes ime on our mobos.

>>60368389
Well, they knew since like last October. But they probably didn't expect something like this.

>>60368751
https://en.wikipedia.org/wiki/Hole_punching_%28networking%29

>>60368814
>requires both clients to make outgoing connections
how is a non-infected system going to make an outbound connection to get infected you mongloid?

>>60368869
Only one needs to connect because the connection is between the controlled domain and the target, not two targets via a controlled domain. All you need to do on the non-infected machine is connect to a site that is owned by the controller, which includes and is not limited to loading images on popular sites which load images from remote sources or loading a user comment that makes use of xss.

>>60366251
Obama
Coolidge

>>60368950
oh so now we moved from
>anyone can get infected by simply being connected
to
>anyone can be infected if they do x
nice moving goalposts retard

File: 1327968260550.jpg (40KB, 600x400px) Image search: [Google]

40KB, 600x400px

>https://gist.github.com/slider23/bd617d0d376047c05d18980fde306840


>Infections
>>FedEx (us)

mfw I work for UPS

>>60368989
Keep moving the goalposts. I'm sure you'll reach jupiter soon.

>>60369012
okay dipshit go ahead and infect a passive target with your hole punching

>>60367863
you are retarded

>linux fucks up 8 times when you try to run it
hurr durr its just as it is intall gento newfag
>windows has an exploit once for a 5 years
HURRR BIG VICTORY OF LINUX

>>60369037
See: wanacry.
We all know you don't wannacry since you're already crying.

>>60361428
Normies use macOS too, they weren't affected.

>>60367688
Would this be why my past two windows drives crashed? I thought it was bad luck or something to do with the os since one's a direct copy

Maybe it was good luck they crashed after all

>>60369086
I will just give you the benefit of the doubt and assume you're baiting and not fucking braindead

>>60364217
Idk about you guys, but after nsa got leaked I personally checked for updates continually and always updated very shortly after its release

>>60369101
normies have windows auto updates enabled, they weren't affected either. normies don't use windows xp in 2017 (the only one that was not patched 2 months ago).

>>60362774
Welp just installed Windows 7 again last week and got it patched up with WSUS Offline plus I have Comodo firewall set to block shit. So far so good

>>60368168
I know that, dingus. But oviously you'd have to be an insider or a clairvoyant to know otherwise.

it can't be stopped

Yfw /g/ has NEVER been this busy

>>60368696
You get 50GB upload for free and there is such thing as megadownloader that allowed you to download as much as you want for free.
Not legal but eh

File: Capture.png (68KB, 820x436px) Image search: [Google]

68KB, 820x436px

Why I dont have SMB value in my registry?
Anyone knows why is this?

>>60362642
Yes.

File: .png (54KB, 907x609px) Image search: [Google]

54KB, 907x609px

>>60369338
it's all the fucking /v/edditors spazzing out and falling for the mass histeria.

literally the only people vulnerable are curry nigger tier managed networks. it doesn't even matter if you turn smb and have un-updated windowsas long as you have port 445 closed as you should.

>>60369778
>>60369728
can you help me out?

>>60369728
>>60369802

you are infected lad

>>60369802
it's off by default. you need to add the values to your registry.

this is why the mass hysteria is so entertaining.

>>60369128
Well ur stoopid u poopyhead

>>60365204
All windows versions are equally vulnerable, because they all have the affected component.
Windows 10 is just more likely to have the patch for it, because it updates automatically and it's difficult to turn off that functionality.

>still no wcry rule34

looks like the nhsfags have decided to pay up since suddenly it's only 6 hospitals affected

>>60369962
>no moe wcry chara yet

>>60369847
Alright thanks.

>>60369847
>it's off by default. you need to add the values to your registry.
but that's wrong.

>>60364217
Do you have anything to back this up?

>>60362642
Um yes? What kind of question is this? That's like hacker 101

>>60370035
except it's not. if you don't turn on file and printer sharing then smb it's off which is the default state.

>>60362615
>Published TO wikileaks

>>60362799
The conservatives refunded the NHS IT to save money. They're still on XP and refused to pay Microsoft for extended support.

>>60370080
Ok, I don't remember the file and printer sharing defaults.
But the lack of registry values doesn't mean SMB is off. Both SMB1 and SMB2 (and maybe even 3) are enabled when you have file sharing.

>>60370118
They're still on xp because of outdated software.

>>60370223
I AINT

>>60370223
someone already bought the domain to cock block the ransomware.

>>60370140
Filesharing is off since forever on my machine so seems Im fine.

>>60361428
The normies are the ones who took the free Windows 10 upgrade thus leaving automatic updates on. They're fine.

>>60370223
Someone better do this. I want to find out.

>>60370242
well yes, obviously, but I say that what if we "block" the domain again by making it not respond to the requests of the wcry, will it work again?

>>60370242

https://intel.malwaretech.com/botnet/wcrypt/?t=30m&bid=all

>>60370314
>>>60370223
>Someone better do this. I want to find out.
Same

I'm scared how do I block this on w7

>>60370314
problem is, if you DDoS 'em then they will know where that is coming from. this white knight will probably give your IP to the feds or the bongs

>>60370334
>I'm scared how do I block this on w7
Install updates

>>60370334
>close ports 445
>disable file sharing
>dont click on what grandma would
>update
youre probably in the clear with this

>>60365246
this is really deep

>>60370349
>>>60370314
>problem is, if you DDoS 'em then they will know where that is coming from. this white knight will probably give your IP to the feds or the bongs
Even under proxies, or can't you just use a dummy computer that you don't use for identifiable things?

Hasn't walmaretech killed it off?

>>60370349
Use a botnet?

>>60370334

you can't. it's unstopable armaggeddon. if i were you id start stocking up on tinned food because society is about to collapse.

>>60370381
I have limited knowledge about this topic, but I don't expect the NSA to be held back by a couple of proxies, in a situation as serious as this. Also, proxies will generally get your throughput down, which is exactly what you don't want in a DDoS.
>>60370435
I'm using chrome atm, where is the DDoS button?

>>60369938
>patch every computer at home
>last one is W10 pro
>automatic updates disabled by group policies
>search for updates
>can't chose which ones to install. Its all or nothing.
>click update anyway
>one of the updates is the anniversary edition
>all updates download OK but the anniversary edition.
>WU hangs downloading it. Progress bar stuck forever.
>nothing gets installed
So this is the most secure windows in existence. Guess what I'm not trying again.

>>60361428
I haven't turned on my computer since this has been going around. Too scared. Haven't updated since September 2016.

>>60370518
I hope you actually unplugged the internet cable because the virus also infects modems and routers, and can infect some brands of PCs too that stay in hibernation even when turned off.

>>60370584
can confirm

>>60362512
>discovered by the nsa
nope, they probably bought it from VUPEN or some shit

>>60362666
>>60362694
user receives e-mail with word attachement, user opens word attachement, if PC is not patched with https://technet.microsoft.com/en-us/library/security/ms16-110.aspx it infects it and then finds all other unpatcxhed machines on the network via port 445 and 139 (SMB)

>>60370584
>>>60370518 (You)
>well it's my Thinkpad t410 Laptop, so I never use ethernet. It's been on hibernate since Thursday night. W81

>>60361428
>Literally because of Obama and the Democrats
>"Thanks white people!"
>OP

>Connecting your work computer to the internet

this is what you get

What's the quickest way to get infected, I hate where I work.

>>60370720
The virus has stopped spreading since it killswitch got sinkholed.

>>60370712
What do white people have to do anything, they're criminals no matter white, black, yellow, or red.

>>60370768
>>60370768
IMplying there aren't multiple other versions with different killswitches floating around

>>60370768
>>>60370720
How long has this been?

>>60370884
What is the point of making a copycat when there is so much heat on the current variant? Everyone is patching the vulnerability you are exploiting and the only thing you are getting is buttfucked by NSA.

https://intel.malwaretech.com/botnet/wcrypt/?t=30m&bid=all

killswitch bollocks. the media is playing it down.

>>60361428
>>60364217
>M-Microsoft is e-evil and l-left in an explot

ITT: retards who don't know how tech works

>>60370907
>he thinking there is only one C&C

>>60362702

But doesn't it make Bush/Obama look bad since they were the ones who pushed the mass surveillance meme and got Microshaft to leave backdoors open on their systems?

>>60370919
The killswitch has been triggered meaning it can't infect via the internet anymore. But it is still running rampant on local networks.

>>60370959
That doesn't go far I don't think, and it's not leaking through any up link I don't think either.

>>60362642
Of course, do you have autism or what?

>>60371010
Maybe there is another variant.

>>60370959

It's spread to loads of new locations on that map since this killswitch stuff was first published. The media is trying to avoid panic. In the UK theyre only reporting on the NHS and not any of the other organisations to conceal the true scale. They're trying to avoid the mass panic and crime wave that would happen if the public knew the truth. The police computers are totally paralised and the spread cannot be stopped. Eveything is about to descend into anarchy. Forget about your computers and start panic buying food and barricading your house.

>>60370919
>>60370959
>>60371010
https://blog.didierstevens.com/2017/05/13/quickpost-wcry-killswitch-check-is-not-proxy-aware/

>>60370959
I don't understand why the guy behind this hasn't just changed this one line of code and kept on cashing in.

>>60370959
The killswitch is only temporary, the ransomware authors will fix it and relaunch probably today sometime.

There's still tons of people who won't or can't patch their system or can't figure out how to block the SMB protocol it will continue to infect shit

>>60371088
can confirm, I'm a firefighter and then sent us all off because the systems are dead
don't burn your homes for now

>>60371100
>>60371098
If you are the author of this malware, you will be nuking all your harddrive and leaving to a place where you hope you never hear a knock on your door ever.

>>60371051
Enlighten me with SMB Protocol if you will.

>>60371149
You would think yes, they would take their $500k or so bitcoin loot and disappear but I doubt it.

>>60371100
They've gotta have some balls to do it again.

The monthly security patch from March includes "MS17-010" which, addresses the vulnerability SMBv1.

Had they simply installed those patches, it wouldn't have gotten this big.

I blame the hospital/government IT admins for being incompetent.

>>60371187
They are apparently still moving coins around and unlocking systems so the scam is ongoing

>>60371149
ransomware people never get caught though, why would this one be different, seems like he wiped his tracks pretty well. he can do it again if he can do it now, and if he can't, well then he wouldn't know it yet, and would think he can so he'd do it

So is it fucking confirmed whether it can spread over WAN or not?

>>60371179
Bitcoin is banned in EU so his only option is to withdrawal money in US and possible in some fuckhole somewhere.
In my eyes this is a very primitive attack since we dont see advanced polymorphic behavior he should take whatever money he has and just disappear.

>>60371204
The scam is automated. This just means the servers that the scam is running on is still working.

>>60366322
This has nothing to do with older servers.
This is an SMB1 exploit. IT EXISTS IN ALL VERSIONS OF WINDOWS NOT PATCHED SINCE FEBRUARY.

So why does SMB1 still exist? Because dumbass corps need SMB1 for their ancient printers, fax machines and XP machines still connected to the network. Would cost millions, if not billions if a patch just disabled SMB1 worldwide.

So why were Windows web servers vulnerable? Because SMB1 is on by default as mentioned earlier, and dumbasses doesn't disable SMB1 or block it in the firewall.

>This planned obsolesce shit has gone too far
No, retarded corporations who cannot update a 13 year old web server are the ones who went too far.

>innocent people are getting fucked by Microsoft's incompetence
Actually it's the retards not patching and updating their machines who are incompetent.
Microsoft released a patch for the unsupported Windows and Windows Server versions.
They shouldn't have. Retards should learn that internet-facing machines are SERIOUIS FUCKING BUSINESS AND WILL BE TARGETED.
LIKE HOLEE SHIT WHY DO YOU HAVE SMB EXPOSED TO THE INTERNET NIGGA WHAT ARE YOU DOING
I AM SO ANGRY

>>60371208
they get caught all the time you mean.

even the people who write (badly) the crypto code get arrested as accomplices in these cases.

normally however ransomware is geoIP protected to not infect your own country, and considering this malware hit every country last night (esp China/Russia) that leaves the authors with absolutely nowhere to run to avoid extradition if they get caught.

These guys arrested all the time
https://www.bleepingcomputer.com/news/security/russian-hacker-kolypto-who-worked-on-citadel-trojan-extradited-to-the-us/

https://www.bleepingcomputer.com/news/security/italian-botnet-operator-who-made-over-325-000-extradited-to-the-us/

http://www.csoonline.com/article/3068511/security/alleged-syrian-hacker-is-extradited-to-the-us-on-extortion-charges.html

They will get them the moment they try and cash those coins out, moving inputs around anonymously is highly difficult with Bitcoin once nation states notice you

File: Updates temp.jpg (185KB, 1283x756px) Image search: [Google]

185KB, 1283x756px

Which of these should I update? Or, I guess a better question is do any of these contain any annoying messages or telemetry?

>>60371179
>they would take their $500k or so bitcoin loot

You can see how much bitcoin they have right now cause they only used 3-4 address.

File: 1492637738313.jpg (17KB, 200x232px) Image search: [Google]

17KB, 200x232px

>>60365869
It's post-ironic

>>60371335
>updating only AFTER the malware already died
You are all a special breed of retard.

>>60371202
>incompetent
hospitals run old software that doesn't work in new OSes, only on win XP...
I blame the fucking retards who made said software

>>60371266
I assumed it was too but the coins are not moving in an automatic fashion, as that is one way you can be discovered running bitcoind behind Tor is with predictable actions. Otherwise investigators can dump micro amounts into one of your auto move accounts or pay some ransoms and see exactly where the coins exit the network in order to follow them/build an entire map of your criminal stash.

>>60371395
No the people that made the software just drop support for newer OS.
It is that simple.

t.Private practice owner

>>60371391
yeah I'm pretty bad but I literally only heard about it half an hour ago when I opened up /g/ whilst pooping

>>60371391
Malware isn't dead completely. Read >>60371095 Also patching means no copycat will get you using the same exploit.

>>60371335
Why would anyone update? As long as your shit works, it's all just fucking bloat. I haven't updated my Win7 for years, and if I do it's just a specific manual update.
Never got a virus once I switched to ESET too.

>>60362834
>based Australia not on list
nice

>>60371419
er, signature of the coins exits the network.

>>60371445
Only updating after hearing about an outbreak still makes you a retard, you're completely missing the point of security updates and you will always be vulnerable.

>>60371395
If your software is vulnerable to security breaches, you keep them in isolated environments away from potential infection vectors. Blaming malware for your incompetence is like blaming the high tide when you get caught unaware walking on the beach and drowning.

>>60371461
Win10 is automatic updates which is how it's supposed to be done (Chrome does this too), though Win10 Enterprise the updates are not automatic, kek many Win10 boxes still had vuln SMBv2.x

>implying Microsoft isn't the one responsible for this

>>60370491
Use wumt

>>60362832
>Find the domain in the code

Not because he saw all the DNS requests coming back NXDOMAIN then?

Pls kys and then go back to AOL non computer folk are not welcome here

>>60371490
I stopped updating because of the windows 10 promotions and the telemetry stuff 1-2 years ago, also since it's a massive inconvenience.
I shouldn't be given adverts that I don't want in a product I paid for.

Stop victim blaming!

THIS IS THE FAULT OF THE CRIMINALS

>>60371500
because of near criminal service contracts they can't even update medical device software as it violates some service agreement and leaves them open to lawsuits.

they already do isolate these things by pilling firewalls/VLANs problem is they have so many devices and Pajeets running their networks one infection means at least 1000 other devices are on the same VLAN.

I once worked for an airline who had boxes they could not reboot, for fear they would never start again. They couldn't patch the boxes either, so the solution was to just pile firewalls in front of them and hope for the best. These were critical infrastructure boxes too if anybody got past the JuniperOS firewall (the NSA did, and apparently every other nation state) it would be game over as you would have full write/execute memory privs on those boxes.

>>60371500
well, sure, you are right?
but stil, what if the software requires an internet connection, or a connection to some remote server using smb? devs are to blame

>>60371646
Then it is their own fault for not overhauling their infrastructure. This is just the beginning, sooner or later a huge vulnerable will cripple something major and then maybe companies will learn to spend some money overhauling their systems is a good idea. Fucking morons.

>>60370932
Well it is a plausible theory. But I'd agree that anyone who believes this with no evidence is just a fucking tinfoil hatter with hatred towards MS.

>>60371202
>I blame the hospital/government IT admins for being incompetent.

You can't just update hospital computers easily. That's why they just throw out old ones and put in new ones.

>>60371686
I would say at least 60% of modern, critical infrastructure is exactly this: ancient SCADA and outdated 1980s RTOS running behind piles of firewalls because it would cost way too much to replace them. A real-time OS for critical environments is not cheap whatsoever (also doesn't help these corporate CTOs are all clueless, demanding "enterprise" contracts so many of these old boxes still have 10+yr contracts left).

>>60362685
My windows machine got hit by this and all I use it for is to play POE.

>>60371680
This vulnerability has been known for months. If your software requires those services, then you take the appropriate steps and patch your systems with regards to said vulnerability.

>>60371728
I don't disagree. But as we rely more and more on computers and as more and more shit gets put online there will come a watershed moment in the near future that having ancient software as mission critical infrastructure is absolutely fucking moronic and that the millions spent overhauling it actually outweighs all potential future security issues. That moment is coming soon.

>>60371391
Worm variants are commonplace event with Windows computers, anon. Updating late can still save you from getting hit by one left in the wild or a knock off of it.

>>60362642
do you not know how hacking works or something?

>>60371728
i believe some of these attacks are spread by cybersecurity firms when they aren't making enough money.
but of course that doesn't necessarily mean its the case

File: hacker-Gu-577f9e9d3df78c1e1fb0b9c4.jpg (154KB, 2121x1414px) Image search: [Google]

154KB, 2121x1414px

>>60362642
this is how normies think hackers look like

>But you have not so enough time

OUch too bad! Seems like I may have enough time a little bit, but not SO enough.

>>60361428
I would say in the millions at least faggot.

Normie a updated to Win10 where this thing had no power.
Only Autists and businesses got hit by this.

>>60372040
Autist who are paranoid should be sitting behind a firewall will all ports closed or stealthed and they are not broadcasting their network ID and allowing random plebs to join their network.

Can I get this from eating a dodgy burger? Because it sure did taste funny.

>>60372154
Yes if you bring your computer to theburger place

>>60370144
So update to windows 7/10/Linux and use a sandboxed VM. Their only excuse is incompetence.

oh my god

its out of control

https://intel.malwaretech.com/pewpew.html

>>60371937
Well they kind of did in like 2008. At least it beats the fat sweaty neckbeard or the Garth from Wayne's World nerd stereotypes.

>>60371738
>patch
>XP
lel, sure thing kid

>>60371937
Wait are there actually people that don't hack wearing a hoodie and mask? Everybody knows you gotta at least have the mask for that sweet +3 bonus for writing malware.

>>60372582
If you are using XP, you need to firewall the shit out of your XP devices and keep them isolated or suffer security vulnerabilities. It is not like MS stopped supporting XP yesterday.

It's fucked. The whole thing is fucked.

>>60364052
Ever heard about Sasser?

Fuck this shit, I'm on a college network. Blocking all connections untils this is fixed. Thanks NSA.

>>60372582
XP POS is supported to 2019.
So whatever

>>60373176
You're welcome

The name WannaCry makes me want to challenge them by coming up with an even more edgy hacker group

>>60372413
True

>>60374289
#WannaCringe

>>60373052
I'm using my spare computer to download the updates via WSUS for my main one.

>>60368308
not sure if original source but it was also on ars

>>60372121
Hiding your network name doesn't actually really do anything. You can still see it with network scanning apps.

>>60362666
Nope. Wrong guess.

Just being retarded enough to run Windows is all you have to do.

>>60362774
>MS slips bullshit people don't want into every update
>nigger is surprised when people choose not to update
Think for a minute you nigger.

>>60374734
That's why people should just switch to the Enterprise Version of Windows 10.

File: Capture.jpg (29KB, 491x239px) Image search: [Google]

29KB, 491x239px

>>60374967
Or just, like, use Windows 8

>>60361428
Micropenis saved the exploit so people have to upgrade to (((W*dows *10)))

>>60375070
That's what I'm doing, but I want windows 10 without the telemetry.

>>60375241
Trust me, it ain't worth it

>>60375241
Enterprise have telemetry. It's also very expensive to use it at home.

>>60361428
Reading your post I came to the realization that you're utterly retarded and you should stop posting on any forum of any kind. It makes people 5% stupider just reading that.

File: IMG_0006.png (296KB, 360x448px) Image search: [Google]

296KB, 360x448px

>>60374967
>>60375070
Or just don't use Windows.

>>60375400
Poojeet MAD!!!

Rawr!

>>60361428
Who uses winblows anymore?

>>60377517
windows (overall, across everything back to 3.1) holds 91.68% market share

>>60362642
Yes especially when state level actors wish to hide behind the veneer of being a bunch of stupid edgelords.

>>60361428
How are people even getting this shit? I came to /g/ to look at the nyaa replacement thread and am entirely inept when it comes to a deep understanding the tech field. Running Win7 and probably haven't updated my OS in over a year

>>60377851
It only affected like 0.001% of Windows users.

>>60377517
Cucks and gaymers and boomers. That's it.

>>60377517
Everyone who's not a retard.

>>60377893
>0.001% of Windows users
So /g/ is just doomsaying because they have nothing else to talk about? Glad to hear it, back to watching weebshit in that case

File: 1494717013007.png (25KB, 736x417px) Image search: [Google]

25KB, 736x417px

>>60377517
Some people but a lot less than the MS shills would have you believe.

>>60377992
You don't even know what that's from, do you?

>>60378025
looks like your mom

>>60377992
>21.7
LOL you wish

>poll 2000 neckbeards
>"select your OS"
>400 mustard stained papers are returned

>>60362834
>Russia known for having ridiculous proportion of Windows XP machines
>Acting like it's special when they're most affected

Pay up cuccs

>>60365296
thank god I'm on ganoo/loonix :^)

>>60378025
>>60378072
the sun is setting on MS

https://pastebin.com/aAK28yuB

>>60362685
Something tells me SMB is a horribly shitty protocol and the implementation sucks even more

I dont know what else I'd expect desu

>>60362774
What is the update number so that I can look for it in the update history?

>>60371310
Australia was unaffected. Really makes you think.

>W10
>fall for the update meme
>full update involves installing anniversary upgrade
>download fails
>disable automatic updates via group policy
>download latest 1GB cumulative package to install manually
>stuck at "copying to cache"
>run troubleshooter
>it says no problem :(
>procceed to clear WU cache manually
>try again manual install after reboot
>Initiallising update OK
>Now stuck on installing, progress bar still at 1% after 20min
JUST

>>60375450
You're forgetting about the software I invested in with Windows. Convince me I could run Sony Vegas, Office or any other any other x86 program on Gentoo or some shit.

>>60378977
>W10
found the problem already

>>60361428
Mac OS does not suffer this problem.

>>60362774
I'm a fucking idiot but I could use some advice.
The update that fixes this broke some other shit on my computer that I want to use. If I system restore or uninstall the update directly, it reinstalls when I restart.
How do I actually remove it?

File: 1478833863441.jpg (45KB, 391x459px) Image search: [Google]

45KB, 391x459px

>>60361428
As someone who works in IT on the consumer level- there is literally no response- I was prepared w/ all this script in case and it never came up- obviously its all about enterprise and their update schedule, but still I am surprised by the response.

>>60361428
anyone have a sample of the script?

>>60367312
nigger

>>60362834
india in top 3
superpooper 2020

>>60365246
>That time is in the past.
fug

>>60366354
did you actually do that on linux.
fucking hell.

>>60383105
I'm weak

>>60363082
kek

>>60371234
>>>60371179
>Bitcoin is banned in EU

American education at work. We have bitcoin atm's here on streets, you americunt.

>In my eyes this is a very primitive attack

/g/ keeps on giving

>>60378228
0 btc