HOW IS THIS SPREADING?

I'm not sure what you're asking anon. Are you asking in the case of an airgapped machine? In that case it could be from infected physical media being run on the host.

What about a network that doesn't face the internet but has internetworked devices. Perhaps one of those devices became infected and spread through the internetwork?

Maybe the network's DMZ isn't set up, or simply does not exist. Then a device that's been outside of your network could have been infected and spread once it came into your network's green zone?

But yeah don't fall for phishing either.

Someone said the shit is generating random IPs to try penetrate. I am scared.

https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

>>60363693
>>60363704
>>60363720
you are not answering the question. learn to read. i'm not op btw

>>60363693
I'm asking how a computer connected to the internet would get infected. I understand the worm THEN scans and spreads across the LAN, but what is the entry point from the internet?
The point of patching up the SMB vulnerability is to prevent its spread, but your first machine will be already F U C K E D
>>60363704
That's what it uses to spread on the local network, using the SMB vulnerability. Just patch up and you'll prevent the local spread.

File: 51vTU2sdReL._SL500_AC_SS350_.jpg (27KB, 350x350px) Image search: [Google]

27KB, 350x350px

>>60363740
u R nOt AnSwErInG tHe QuEsTiOn, LeArN 2 rEaD

>>60363640
It's a file you downloaded whether in the temp folder, it loaded with the site or you clicked on it, it probably has a fresh hash so your shitty antivirus didn't see it

>>60363704
Don't spread the panic, now I'm spooked as well. I just wanted to drink my coffee in peace, but now I remembered that I dreamt that my PC got infected.

Surely I'd notice a process encrypting my entire fucking drive, using up my CPU, yeah?

>>60363640
AHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAH

>>60363762
>I'm asking how a computer connected to the internet would get infected. I understand the worm THEN scans and spreads across the LAN, but what is the entry point from the internet?
The point of patching up the SMB vulnerability is to prevent its spread, but your first machine will be already F U C K E D

Ok, yes it was mostly phishing but I wouldn't be surprised if they used drive-by downloads too. Fuck companies that use Ad-Block blockers.

>>60363640
>>60363704
>>60363720
I'm seeing multiple comments saying something about a opening a pdf.

>>60363816
Scratch that.

>>60363640
the usual dumb-monkey attack vector

i.e. "CLICK HERE TO WIN A PRIZE!!!"

eugenics should be law

>>60363640
Most time it's just phishing, running suspicious executable files from random websites and sharing the same network with morons (A.K.A. the people that would open TaylorSwiftFirstPorn.mp4.exe without ceremonies).

As a common residential user, you wouldn't need to worry about since you're probably NAT'ed by your ISP and port 445 would be unavailable/filtered anyway.

Just keep your OS updated and setup a nice firewall and everything will be fine. Antivirus is also recommended, that's a Common Sense™ by itself.

>>60363972
Yeah that's what I thought, but still, it's hard not to be memed by all the FUD. Thanks anon

>>60363640
everyone saying "nancy from finance" wanted to open her prize.exe, but they're forgetting one important thing:
all over the world the nancies are opening the same file in the same ~4-hour timeframe? isn't that strange? And how does this mail get through the spamfilters in the first place?

I use ubuntu gnome.. should I be worried?

>>60364010
are you saing the all the Nancys are connected somehow in an intergalactic vampire cult. jesus, just how far does this rabbit hole go?

>>60364010
This. Thankfully I just dual boot W7 for gayming and have a firewall always on. Gonna patch up and disable SMBv1, but also gonna restrict my browsing just in case.

>>60363640
I USE ARCH LINUX SO I HAVE NOTHING TO WORRY ABOUT HAHAHAHA

>>60364040
well it's either that, or we're missing something.

>>60364010
>>60364040
Doesn't the worm just generate a random IP and connect via Port 445 and run if it exits?

Just disable SMB in regedit and you're fine. I don't see what the deal is

>>60364083
Should I disable SMBv1 too?

>>60364077
I thought that was what it does àfter the first infection. I know nothing, just trying to make sense of it. Thought port 445 is only unprotected against local attacks.

>>60364083
>>60364086

Or install ARCH LINUX, the distro I use, the best Linux distro, ARCH LINUX.

>>60364083
You clearly don't get it. It ain't that friggin hard.

Disabling SMB only protects OTHER PC'S ON YOUR LAN, but NOT your own computer from infection in the first place.

>>60364086
Nah, just be sure to set that value to 0 my nigga.

>>60364111
>>60364086
Better solution: INSTALL ARCH LINUX, the greatest distro (which happens to be the distro I use)

>>60363640
>Wincucks actually wannacry.
I heard its a docx file that on download executes itself, but first you do have to download it so, it still boils down to nancies and grandpas

>>60364086
No need if you got the latest security patch from Windows Updater.

But since it's useless for most people, you can do it no problems.

File: 1478649985955.png (387KB, 2560x1440px) Image search: [Google]

387KB, 2560x1440px

>>60363640

>>60364139
ARCH LINUX IS BETTER THAN GENTOOFAGLINUX and everything else shut up

>>60363640
I have no idea what u guys are talking about lol.

All the technical jargon is lost on me :(

Please help

File: lol.jpg (31KB, 314x486px) Image search: [Google]

31KB, 314x486px

>>60363640
my lambo aint gonna get em new rims by itself you better pay or else you won't see your furry porn anymore faggot.

File: 1463182063100.png (195KB, 400x388px) Image search: [Google]

195KB, 400x388px

>computer got awfully slow
>check windows updates
>disabled, haven't updated in like a year
ahhhhhhhhh

>>60364150
This way: https://wiki.archlinux.org/index.php/installation_guide

http://msft.social/VIIqP4

File: Screenshot_2017-05-13_11-17-55.png (86KB, 712x381px) Image search: [Google]

86KB, 712x381px

Kind reminder that having a FLAC library is never a mistake

>>60363872
>the usual dumb-monkey attack vector
>i.e. "CLICK HERE TO WIN A PRIZE!!!"
>eugenics should be law
So as long as you stay to your regular sites, don't open any suspicious files etc, you should be fine?

>>60364174
(also python developers are good)

>>60363794
I dreamt about it too

>>60364186
>So as long as you stay to your regular sites, don't open any suspicious files etc, you should be fine?
Yes.

>>60364115
>>60364136
I have done everything - I just want to be sure.

Checked if I have KB4012215 (the Monthly Rollup and I do have it)
Disabled any Inbound Rule on Port 445 in my Windows Firewall
Turned off any Window Feature that has File sharing.
Blocked Port 445 on my router
Set DWORD SMB1 to "0"

Now, Do I have to do this to SMBv1 too?

File: mOnvOJG.png (298KB, 2271x2380px) Image search: [Google]

298KB, 2271x2380px

>>60363794
>open up task manager
>cpu at 60% browsing /g/

>>60364203
Tanks!

>>60364211
>CPU at around 20%
Feels good, man!

>>60364186
No. You need a better OS. TRY ARCH LINUX.

>>60364206
You're already protected from your LAN just fine.

>>60364232
>Tanks!
But also take a look at >>60364206 if you want to keep yourself safe in case you share your LAN with other people.

File: 1490312961789.png (176KB, 616x492px) Image search: [Google]

176KB, 616x492px

>>60364236
Thank you anon, now I can finally sleep.

>>60364234
Fuck you pleb, I use FreeBSD, and it is actually running faster then gnu/loonix

>>60364234
>ARCH
That's not how you spell "autist"...

>>60364206
Make sure to restart after making the changes to the registry.

>>60364157
Wow aren't you a smart one?

>who needs updates durrr

File: Untitled.png (159KB, 1501x772px) Image search: [Google]

159KB, 1501x772px

which update do I have to install to avoid this?

>>60363640
My guess is it's actually Phishing.

It seems like that it's initially been spread via phishing to get into internal systems, then making use of the lax security internally it spread like wildfire and just waited either for the activation call or a set time.

window fags BTFO

File: Screenshot_2017-05-13_11-34-53.png (58KB, 759x226px) Image search: [Google]

58KB, 759x226px

>>60364334
you seem to be correct, it starts with an exe
http://blog.talosintelligence.com/2017/05/wannacry.html

File: 1491101627542.png (89KB, 298x298px) Image search: [Google]

89KB, 298x298px

>>60364313
Close one!

But I don't think that matters anyway.

>>60364333

Need help with the same.

I am on Win 7 64.

What update can I manually install to be safe?

>>60364387
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Find your OS in the list, download the update file, then perform the update and reboot.

File: 1491105375877.jpg (26KB, 311x296px) Image search: [Google]

26KB, 311x296px

>>60364333
>>60364387
Assuming you're on Windows 7
Check if you have either KB4012215 that was put up on March 15th or KB4012212.

>>60364407
The Security Only or the Monthly Rollup?

File: 1449370724143.jpg (21KB, 296x360px) Image search: [Google]

21KB, 296x360px

>KB4012215 didn't show up on windows update
>microsoft's download for it is down

Do I need to block 445 on TCP or UDP or Both?

>>60364412
>>60364420
>>60364427
I'm pretty sure that the Monthly Rollup has the Security Only update as well.

File: 1366963797095.png (188KB, 374x370px) Image search: [Google]

188KB, 374x370px

>Download KB4012212
>Try to install it
>"The following updates weren't installed: KB4012212"

File: ss (2017-05-13 at 11.21.55).png (4KB, 254x54px) Image search: [Google]

4KB, 254x54px

You did made backups, right Anon?

Patch your fucking system.

This vulnerability is two months old.

>>60363640
It uses an exploit to shoehorn its way in and execute code remotely which then phones home and gets the malware payload sent over. Computers are not perfect. The only 100% (read 99% because there are proven ways to infiltrate and exfiltrate data from airgapped systems, employed by Stuxnet for example) way not to be hacked over the internet is not to be connected.

But wait, there's more. If you think this is spooky you'll get a kick out of the 2000+ 0days in the wild this very moment which are being used with more precision so as not to disclose their existence. Also consider that this is a relatively old exploit, not even a 0day, that was patched in March. Then consider that defense departments all over the world stockpile these exploits for offensive use by spending millions to acquire them off the darknet.

File: 1282507144233.jpg (66KB, 300x360px) Image search: [Google]

66KB, 300x360px

>>60364427

fuck this pos company. Now I cant even update....

>>60364025
No.

File: 1341258578610.jpg (5KB, 251x189px) Image search: [Google]

5KB, 251x189px

>>60364174
>3ds

>>60364563
https://en.wikipedia.org/wiki/.3ds

seriously if you're affected you should kill yourself

>>60364057
fake and gay
this ransomware uses the language of the system, and this is clearly germany

>>60364575
Ah right, forgot about that. But wouldnt it just encrypt both?

>>60364174
>all 160,000 images of my porn & anime collection get encrypted
>all 10,000 flac files of my music collection are safe
Holy shit it's fucking nothing

>>60364590
oh shit nevermind the text is actually in german
legit and straight then

>>60364590
Its true, there are articles all over and a official statement from the train company.

http://www.deutschebahn.com/de/presse/pressestart_zentrales_uebersicht/14176018/h20170513.html

File: 1292348173845.jpg (38KB, 214x216px) Image search: [Google]

38KB, 214x216px

>too paranoid to install windows updates
>too stupid to avoid clicking on obvious phishing bait
>too poor to buy a Mac

/g/ in a nutshell.

>>60364025
Afaik, no, if you're not running wine there shouldn't be any need to worry, just don't start downloading LEFUNNYMEME.jpeg.mp4.exe

>>60364594
It will, yeah.
It just targets popular workstuff extensions.

Obviously a normal user with backups won't pay, but they're after companies with crucial data that rather pay 300$ for than lose them.

File: 1494480981343.jpg (193KB, 1280x720px) Image search: [Google]

193KB, 1280x720px

>>60364333
>>60364387
>>60364412
>>60364427
>>60364437
I looked it up.

>Monthly Rollup
https://support.microsoft.com/en-us/help/4012215/march-2017-security-monthly-quality-rollup-for-windows-7-and-2008_r2

>Security Only
https://support.microsoft.com/en-us/help/4012212/march-2007-security-only-quality-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1

The only difference I see is MS17-006 Security update for Internet Explorer

You should be good if you got either one at the time.

>>60364601
i also was thinking, that looks fake and then i saw the taskbar and that the time was right.

>files get encryped
and nothing of value was lost.

i feelbadman for all the people with important data on their systems. Banks and whatnot NEVER get updated.

>>60363640
guys i think microsoft update is out of slots due to everyone updating at the same time.

>>60364696
I just downloaded the other one I was missing.

>>60364649
Download does not work....

>>60364649
For whatever reason I have neither of these installed, they don't show as available updates and they aren't hidden either.

>>60364708
F

>>60364708
Are you sure?
Check Windows Update > View Update History

File: 1454176825666.png (42KB, 653x726px) Image search: [Google]

42KB, 653x726px

Apparently it's from an exploit called eternal blue.

THANKS NSA!

>>60364708
I have the March preview but not the whole thing installed, this makes no sense

>>60364460
Now I downloaded KB4012215, and it still gives me the same error.
I'm better off unplugging the internet.

File: 1493511601520.jpg (24KB, 746x750px) Image search: [Google]

24KB, 746x750px

>>60364590
And the text in the textarea is in German so what's the issue?

>>60364784
You could do what this anon did. >>60364206

File: 1426205795225.jpg (30KB, 412x398px) Image search: [Google]

30KB, 412x398px

>>60364059
Yeah, you don't even need a virus to break your system, it falls apart by itself.

so with KB4012212 one is then safe?

File: in.jpg (87KB, 1425x277px) Image search: [Google]

87KB, 1425x277px

Tech illiterate here, let me get this straight.

The router protects you from outside invasion on that 445 port.

Pic related is the windows firewall that protects you from local network shit. I can see 445 open for file sharing.

Would a new rule banning all in traffic on port 445 supersede any other 445 rules like pic related?

How fucked is Wine 2.8?

>>60364909
>Allow No
change it to Block Yes

File: hurrr.jpg (20KB, 1535x55px) Image search: [Google]

20KB, 1535x55px

>>60364909
>>60364922
this not enough?

>>60364057
I have to travel with Deutsche Bahn today

Wish me luck guys

>>60364476
NO, ALL MY PORN WITH ACTORS NAMED KINGSTON

>>60364276
>FreeBSD
csíra
nice shovelware am :)

>>60363794
>mfw i had a dream about my computer getting infected and i wake up to this
>mfw no face

File: file.png (4KB, 329x48px) Image search: [Google]

4KB, 329x48px

>>60364909
>>60364948
Refer to this.
Block is just an override.

I think.

File: Screenshot_20170513-122726.png (357KB, 1080x546px) Image search: [Google]

357KB, 1080x546px

>>60364057
They're pretty much finished at this point

File: 1493825461135.jpg (128KB, 1106x632px) Image search: [Google]

128KB, 1106x632px

>>60363640
>windows vm with rdp and smb exposed to the internet
>still not infected
They sure are taking their time.

>>60363640
how do I check if I really blocked 445 off my router?
I did a *.*.*.* rule with port 445 disabled.
Is there an online web tool that can I can use to scan if the port is blocked?

File: tumblr_nkw3c9DhaA1u59jvro1_1280.jpg (429KB, 1272x1272px) Image search: [Google]

429KB, 1272x1272px

>tfw never updated my win7 since i torrented it like 6 years ago
>open windows updater for the first time
>145 updates available

Downloading atm 1gb worth of updates, i have a feeling that after that my computer is sure going to get fucked after 6 years of no antivirus/firewalls/sec updates with 0 problems.

File: 1462259652674.jpg (55KB, 750x500px) Image search: [Google]

55KB, 750x500px

>all these winfags

>>60365106
>Is there an online web tool that can I can use to scan if the port is blocked?

>Web tool scans using a file
>It's actually the worm
>If it does, you're fucked.

>>60364726
Yeah I already checked, the only KB401XXXX update I have is some .net framework update.

>>60364714
>>60364758
I would expect the update to fail anyway.

unrelated question

I haven't updated win 7 in years, would getting the latest monthly rollup contain all the previous security shit through the years?

>>60365392
yes

>>60365392
Im doing just that, atm installing update 128 of 145 total. Will let you know once Im done if youd like.

why doesnt the hospital pay the bill for 1 pc so they can unlock it and get what they need

>>60364057
why the fuck they would use desktop OS on those displays?

>>60365072
It's been ogre for ages, they killed the website it connects to.

can you imagine what it'd be like if an AI would try to do the same, except with hundreds of zerodays?
how fast would it take over everything on earth?

>>60364174
>changed file extensions on my computer to something arbitrary
>.jpg is now .CHINGCHONG
>open .chingchong files wind image viewer
problem solved

>>60365421
plz do

>>60365448
>be a program that runs on computers
>decide to infect all computers i.e. your own hosts

dumbest AI ever made

There are multiple entrypoints. Some are masked as regular pdf or doc files. In addition to this, the infected computers act as a botnet to check randomly for vulnerable IPs over the internet. Machines on local area networks are attacked automatically. In the worst case scenario, you can get infected by just having a vulnerable computer connected to the internet. No opening shady files or exes is required.

>>60365513
I mean it could take over everything, not install cryptolockers on the machines

>>60365106
https://www.grc.com/x/ne.dll?bh0bkyd2

>>60364206
i can't block any ports in my router settings, only forward them. so if i go around the computers on the network and block the 445 ports in the firewall settings it should be fine?

>>60365106
nmap <your external IP from whatismyipaddress.com> -p455 -Pn -n

File: amisafe.png (3KB, 878x23px) Image search: [Google]

3KB, 878x23px

am i safe from this shit now?

>>60364703
I downloaded the patches just in time.

>>60365548
445*

File: win7patch.png (4KB, 768x39px) Image search: [Google]

4KB, 768x39px

>>60365559
Win7 x64 SP1 here

Turn on BBC, mikko is on.

>>60365559
Only after you restart and if you want to be super safe do >>60364206.

>>60365540
Some routers automatically block every port.
Just check your security setting on yours just to be sure.

Has anyone confirmed that paying decrypts your files? Cause if it doesn't, let's hope those hospitals have very good backup for their medical records

File: IMG_20170513_140835.jpg (304KB, 1080x1434px) Image search: [Google]

304KB, 1080x1434px

>>60365613
They don't.

>>60365613
They do, it's not rocket science.
>pay
>don't get your key
>shout everywhere it's a scam
>virus maker doesn't get a penny more

>>60364708
Same for me. When I search for new updates nothing comes up. I guess I'll just disable SMB1 and port 445 and hope they appear later.

>>60365605
>Some routers automatically block every port.
>Just check your security setting on yours just to be sure.
yeah well what my router does is block everything except the registered ports by default. but the problem is the exploit took advantage of a registered port - port 445 - so there's no way for me to block it through my router i don't think. only manually in the firewall of each computer in the network

>>60365630
I had to do backups once a week onto cassettes when I was interning at a GP practice in London, so I'm assuming should be the deal in hospitals as well

>WHAT ARE PUBLIC FACING PORTS
>WHAT IS TEEN_PORN.EXE
NEO/G/ IS FUCKING RETARDED

>>60365548

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-13 19:11 +08
Nmap scan report for redacted
Host is up (0.032s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

File: 0587 - gSk1JHS.jpg (9KB, 350x334px) Image search: [Google]

9KB, 350x334px

>get linked to a pdf
>open it
>tries to print by itself
uh oh

>>60365630
>>60365640
Conflicting post here

>>60365678
>0.032s latency
:^)

File: [HorribleSubs] Stella no Mahou - 04 [720p].mkv_snapshot_00.22_[2016.11.02_23.56.41].png (2MB, 1280x720px) Image search: [Google]

2MB, 1280x720px

>>60365655
You can try "Windows Firewall with Advanced Security".
I'm not really sure if it works, but here's what you can do.

Inbound Rules > New Rule > TCP or UDT > Number > Block

So the stupid exploit was known for over a month but the panic is now since people actually started abusing it? Is there anything else I should be patching up before they remember to use that too?

Manually I mean, don't just tell me to update, not updating my pirated windows 7 ever.

>>60365688
Well, you need to decide whether you'd rather trust a random person on 4chan or an official NHS spokesperson.

>tfw don't even have a smb entry in regedit

>uptime is 22 weeks 1 day 21 hours

I am not rebooting my computer for a shitty popup virus, i'll just block port 445

File: 1453751973402.jpg (25KB, 592x592px) Image search: [Google]

25KB, 592x592px

>>60365697
>Windows Firewall

>>60365701
>concerned about security
>uses pirated windows

Hilarious.

>>60365513
An AI that has solved p=np would theoretically attempt to destroy itself.

>>60365701
>not updating my pirated windows 7 ever.
..why not?

>>60365724
>black top white top grey top?
>fuck that they're all hat wearing motherfuckers and their out to get me

baldy pls

>>60365469
that's not how decryption works

Killswitch in source-code found.
Activated by MalwareTech

Killswitch domain:
http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/

If a website answers on this domain, the wannacry will stop it's attack

>>60365724
And I haven't had a virus in over 15 years, so suck my dick retard.

>>60365730
Why should I?

>>60365730
not him but i have a legit windows 7 copy and i'm afraid of updating because it might turn into windows 10.

the only recent updates for windows 7 are those with telemetry and other dumb shit you don't need

>>60365755
There will be another wave when the creator or a copycat hacker releases a version without the killswitch.

>>60365755
Killswitch being activated means nothing when tons of hospitals and companies still have their shit encrypted that they can't reverse.

>>60365755
This pretty much confirms it was a dumb kid who let this get out of hand right?

>>60365773
If your computer is still vulnerable after this episode, you deserve it.

>>60365778
It means it's not gonna spread any further
I didn't say you'll get your files back

>>60365758
>>60365761
get only the security updates to plug any holes, nothing else, install manually

t. Win 7 pirated never updated since 2013 except sec updates

>>60365644
I doubt they will. Microshill is practically a hacking group itself at this point. Just manually install it if you're worried. I couldn't be assed to if it wasn't going to show up in windows update anyway so I just blocked 445 and disabled smb

>>60365793
Is there a list or something for nothing but security updates?

Idk there are even any other serious exploits besides this recent NSA shit, but I already disabled any SMB or port 445 so not sure if there's anything else to bother with.

This thread is just the perfect example of the kind of posters comprising /g/ for the last few years. Complete and utter illiteracy of the board's topic, but they still post here.
I wish there really was a virus that could penetrate NAT and delete system32 on computers of mouth breathers like OP.

File: 1490139786456.jpg (49KB, 665x574px) Image search: [Google]

49KB, 665x574px

>>60365717
>22 weeks
Jesus. Does your shit not slow down? I must be a retard, every system I've ever used tends to start slowing down the longer its uptime. Jpeg's take longer to open in image viewers, ~.5 seconds of audio delay in audacity when hitting play. Used to be like a week for win xp but for 7 it seems to be 2-3 days.

Also I restart explorer.exe probably 50-75 times a day. Any time I dive through folders looking for shit it increases memory usage, but when I get done it never relinquishes it. Explorer will legitimately use 120MB of memory for hours. Also slows down opening of files and folders, both ones I already looked up and new ones.

>>60365853
I get them monthly from here http://www.catalog.update.microsoft.com/Search.aspx?q=April%2c+2017

Not sure if there's a bigger bundle

if I install the April 2017 security update will it contain all updates from Win 7s inception up until April 2017?

>>60363640
how pathetic do you have to be to attack a health service.

>>60365613
>shitskinned system admins who can't even secure an internal network
Yea man their backups are robust

how does this happen without downloading virus.exe?

>>60363640
Stupid question,

Is my samba share in danger since it's using SMB protocoll?

debian server and Elementrary OS on desktop so i dont really worry much about most virus and backdoors.

>>60365938
It's not like the creator of this virus was like "yeaa I'm going to fuck all the hospitals".

He just made a virus that spreads really fast and it happened to hit hospitals too.

>>60365904
Buy SSD

>>60365941
Ads on sites

>>60365954
> that spreads really fast and it happened to hit hospitals too.

this is probably because hospitals are ranked among the highest viewers of pornographic content

>>60365874
Explain the OPs question then, I don't get it either, is there a single proven case of anyone getting this on a home computer by just being connected and not opening an exe or otherwise being retarded?

>>60365941
Retard.
>>60365928
Retard.
>>60365938
It's a pretty good idea if you want to make money and you reasonably assume a hospital is ran by competent people (or at least people that understand taking a monetary loss is better than letting people die). Unfortunately it seems that hospitals are near universally staffed by idiots that would rather sit on their hands.

>>60365961
let me ask this again then

how does this happen without downloading virus.exe
and without going into dubious sites

>>60365952
No.
EternalBlue SMB exploit is only working on Windows platform

>>60365941
There is a vulnerability in a Windows filesharing service (?) apparently.

The virus in question scans the LAN for all computers and also scans random WAN addresses in a different thread and tries to exploit the vulnerability if the systems aren't protected.

So yes, you can get the virus even if you don't do something dumb if you don't have the recent security updates installed.

>>60365982
Tell me which board you came from and I'll spoon-feed you. I want to know which one is the most illiterate. I'm thinking /a/.

>>60366008
welp, pretty smart guy then, do we know who did this?
being so popular now, I'm guessing there is no way to avoid being found?

>>60365960
I suppose that would do. But this has been my windows experience for 12 years across 5 machines and 4 OS's, and I've never heard anyone mention similar issues. So I must be doing something retarded.

>>60365874
you are literally the dumbest cunt in the whole thread. that is quite an achievement.

>>60366018
/mlp/

>>60365941
No firewall, open ports facing the internet.

>still using an analogue PC
>still all these digitalcucks getting yuropoorware

>>60366018
/lit/ :^)

>>60366035
The original vulnerability in Windows' SMB was allegedly found by NSA and eventually leaked ~publicly by a hacker group called ShadowBrokers (who attempted to sell these NSA leaked vulns). (https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1)

Nobody knows (yet) who weaponized the vulnerability and made the actual ransomware program.

The hardest part was done by NSA with tax money (finding the vuln).

>>60366018
/bant/

>>60366061
No, I'm quite confident I'm much more intelligent than most of the posters in this thread. I didn't think it was possible for so many people to not understand basic networking, as well as being incapable of simple deductive reasoning.

ITT: people too dumb to understand that patching their system does not actually protect them from being infected FROM THE INTERNET

>>60366082
>implying they didn't just force Microsoft to add a backdoor to their software

>>60366117
Patching their system cuts off one of the vector. Now if you stupid enough to run the .exe, you are still fucked.

>>60366117
Isn't that basically what the OP was implying and asking about? And no one has answered it yet. Unless the answer is that all those hospitals and shit happened to open a virus on one PC and it just spread.

Is there a patch for windows 10 that fixes this specific vulnerability without all the other bloat they ship in their cumulative updates?

>>60366153
Exactly. I'm the fucking OP and I'm getting cancer just by reading the whole thread.

Question is very simple: how the ransomware infects the first pc? virus.exe or is it possible to get cucked by just visiting a website with some malicious javascript?

God is /g/ hopeless...

>>60366062
>>60366079
>>60366093
You gave me what I asked for, so here:
There are only a few ways for this infect a computer on a clean network.
>Infected machine joins network, EternalBlue alllws it to hop around infecting machines.
>Retard (or someone without updates allowing an Windows defender exploit to be leveraged) opens (or simply looks at an email program that pre-fetches) an infected file.
>King of the retards is connected directly to the modem with SM 1 enabled
There are no other avenues for this malware to spread. When you read it "scans external IPs" it means it is looking for machines from the third meme-arrow; these are extremely uncommon. Even the shittiest router will protect from this.
The vast majority of infections are caused by the first meme-arrow. Nearly all of the initial infections are caused by the second meme-arrow.

>>60363640
>O U T S I D E T H E L A N
>All the SMBv1 patching and MS17-010 aside, no one is fucking talking about the real issue here. What does this shit use to first penetrate a local network? is it phishing or should we non-retards actually worry?
Does anyone knows the source of this attack. Which country or government or secret service of course !!

>>60366210
top quality explanation

t. microsoft support staff

>>60366246
>SOME1 TELL ME HOW THIS WORKS!!!!
>here is how it works
>THAT'S WRONG I KNOW IT'S WRONG SOMEHOW DESPITE NOT KNOWING ANYTHING ABOUT THE MALWARE IN QUESTION!!!!
What's wrong with you?

>>60366268
it was an actual compliment you suspicious cunt

>>60366230
Vulnerability found by NSA. Leaked and made public by Shadowbrokers. "Anyone" could've made the actual virus that exploits the vulnerability and adds encryption + ransom nag.

>>60366210
Took some time, but I finally got a first answer to my question.

Based anon.

>>60365496
>>60365126


Ok im done. But it did not download and install the one from march KB4012215. Manually downloading it now.

However all 145 or so updates went smooth and i cannot see any problem. Someone in this thread was even worried a mass update like that would upgrade to win10 - but it didnt.

>>60366230
it was the russians as usual. that shithole needs to be nuked.

>>60366210
Great, now I'm reading about this windows defender email shit, should I just turn this off? Looks like it's not set to scan e-mail but still.

>>60366309
but the cheeki-breekis have stronger nukes than the united states of burgers

Someone need to find these fucker and kill them

>>60366210
Oh, I forgot one.
>Machine with port 445 forwarded and SMB1 enabled
This will also allow infection. This could be the way it got into some hospital networks, but I would bet money on most or all of these infections coming from getting pozzed via file.

>>60366302
Downloaded and it said my machine is not compatible with this update. Checked microsoft site and apparently the last monthly rollup (may 9) contained all the improvements from march, and this may 9 was installed with the rest.

Just going to block 445 in my router and im set i guess

File: 1494676952713.jpg (480KB, 1651x929px) Image search: [Google]

480KB, 1651x929px

>>60363640
Is there a way to get rid of this without paying? I have important files that I need right now, but I can't afford to pay 300 bucks. Fuck my life.

>>60363640
If I'm on Windows 7, which patches should I install to be safe?

>>60366395
5/5

File: 1484221224338.gif (3MB, 640x266px) Image search: [Google]

3MB, 640x266px

>>60366395

File: gcj.jpg (73KB, 1433x199px) Image search: [Google]

73KB, 1433x199px

>>60364206
Is this acceptable?
Disabled any preexisting inbound rule and put a block on all inbound and outbound use of 445.

>>60366395
Let this be a lesson.
Install linux next time

>>60366309
>>>60366230 (You)
>it was the russians as usual. that shithole needs to be nuked.
Based on which sources ? Only OYHO ! You have to precise that. On the same ways I could have said it's from Isreali's based on what everybody knows.

File: 1494156146669.gif (1MB, 320x213px) Image search: [Google]

1MB, 320x213px

>>60366395
>win10
>win8 window

wow

>>60366409
This is placebo unless you're a poor Rajesh without a router.

>>60366409
It looks acceptable, but it having it on a router would be 99% safe.

Can you get infected if your system is up to date?

>>60366419
russians and israelis are equally as bad

>>60366426
I don't know how the setup is in this building (recently moved in) but I'm fairly sure the ISP has this shit blocked.
Is there any way I can check?

>>60366446
Yes.

See
>>60366210 and >>60366361

>>60366446
>>60366462
No.

File: Mongolians on horse racing.jpg (2MB, 2560x1920px) Image search: [Google]

2MB, 2560x1920px

Fuck the NSA and fuck white people

>>60366446
Yes, it's an exploit in Windows 10 that cannot really be patched out and if someone makes a similar strain as WannaCrypt we're gonna see the exact same results, without somebody finding the kill switch because this time they will probably plan around that

>>60366454
>In this building
Do you have your own router or not

>>60363640
If I pull that off, will virus stop?

>>60366493
Yeah but it's from the ISP. If I want to access it I have to go onto their site and use my account and a whole bunch of annoying shit.
For security reasons of course.

I think it was North Koreans. Trump should nuke them.

File: 1494633077-bde151e1b7bfa3c168cb22b492eb456a.jpg (480KB, 600x800px) Image search: [Google]

480KB, 600x800px

>>60364590

Doesn't look so

>>60363640
Windows 7

>>60365436
Cheapier, they have to be legal

>>60364010
>After initializing the functionality used by the worm, two threads are created. The first thread scans hosts on the LAN. The second thread gets created 128 times and scans hosts on the wider Internet.
It's probably also hitting machines through corporate intranets and vpns.

>>60366518
Well go login to the router and see if you have any ports forwarded. If you don't then you have nothing to worry about, even without the security patch, unless you go bugcatching with another pozzed machine on your network.

>>60363640
wait so what makes me at risk? its only if im running windows 7 for some retareded reason right?

File: hacker_12.jpg (201KB, 726x752px) Image search: [Google]

201KB, 726x752px

>>60366502
No.

>>60366451
>>>60366419 (You)
>russians and israelis are equally as bad
It's not a question of good and evil I just want to know if there are good informations to accused somebody. Atm, nothing revelent instead of usual bashing.

>>60366566
Your IQ puts you at risk more than anything else.

File: 1446774525210.jpg (561KB, 3000x3000px) Image search: [Google]

561KB, 3000x3000px

>>60366555
>pozzed
Please don't use that word.

>>60366595
but its not a download from my understanding, its remote code execution
?

>>60366198
There probably never was an initial "victim". The creator could have infected one of his own computers, hooked it up to the internet and just let it attack random IPs (like it does).

He probably could even have done that without actually infecting himself.

>>60366609
It's would be much easier for him to distribute via email and use the defender exploit. That one is truly horrific.

>>60366609
Or maybe there is no "creator", and the malware evolved from a simple bug by itself.

File: kqmz4k17unf4arp8qem0wdfruruncgdas7tkbk0ybogoumqjugy8rseorffpaieg.jpg.png (232KB, 619x406px) Image search: [Google]

232KB, 619x406px

>he doesn't use superior windows 10 master race

>>60366630
sorry but could you elaborate on the defender exploit?

>>60366422
bob

>>60366657
Basically the service defender uses to scan files has a gaped anus. The problem is that said service has all privileges by default and scans all kinds of shit all the time. If malware using the exploit is downloaded AT ALL (cache, temp files, etc) and it is scanned it allows for silent automatic RCE. Microshit just patched it on Monday which means essentially no businesses or corporations had it rolled out in time for wcry.

File: 1463756739608.jpg (30KB, 546x725px) Image search: [Google]

30KB, 546x725px

>>60366395

>>60366630
>software meant to protect you from malware is an attack vector for installation of malware
Only Microsoft.

>>60366721
thank you

never 5get the tabs

I've been offline since Tuesday. Is it safe to turn my PC on yet?

Last time I got a Windows update was Wednesday. Am I safe from this shit now or am I still vulnerable if someone else on my network gets infected? This shit has me worried sick because I know nothing about how to protect against it.

>>60366502
It would be extremely painfull

File: 1347204229721.jpg (46KB, 250x250px) Image search: [Google]

46KB, 250x250px

>tfw working at Nokia
>just got a mail about half of our build servers being infected and our admins having to work over the weekend to fix shit

99% of the cases are ye old senile faggot opening basic phishing files

>>60366811
You're big virus

>>60366788
>Am I safe from this shit now
No.
Make sure you have the right updates installed as well as having file sharing disabled as well as having a certain port blocked in your router.

>am I still vulnerable if someone else on my network gets infected?
Yes.

>bored nurse opens phishing email on the hospital and tells no one
>grandpa opens the "CONGRATULATIONS!!!" ads
>WOOOOOWWWW THIS INFECTS THROUGH THIN AIR, HOLY SHIT BLOCK THE IP PORT

This gotta be the biggest wave of it retardation in recent times

>>60363640
backup and set the drive to offline for protection

>win7
>not checked for updates in 4-5months
>1hr and counting

REEE

>>60366814
Isn't Nokia part of Microsoft nowadays?

You know, the company that fixed the exploit 2 months ago?

>>60366814
Overtime though?
$$$$$$

>>60366862
yeah since if the os has no access to the drive how can it be increpted I double the ransomware has a diskpark set online included inside it

>>60366894
"bonus work" so no pay. you dont do it you get cut basically

>>60363640
It's usually just a secretary that trys to downloade some facebook emoticons.

>>60366867
Nokia has always been a seperate company.

MS just got the phone department for a couple years, but they've sold it off a year (?) ago, and the original Nokia guys bought it back.

But Nokia Networks (mobile networks development) and Nokia Technologies (HERE Maps) have never been MS property.

>>60366894
We don't have overtime bucks. They usually compensate overtimes with extra leave hours (leave earlier of even skip entire days)

>how is this spreading

>Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that appeared to contain invoices, job offers, security warnings and other legitimate files.

>Block port 450 on router
Damn, this is mindbogglingly hard.

>>60366918
Well, it's your fault for not keeping the systems up to date. Be glad if you get to keep your job.

>>60366936
T-that's the wrong port anon.

>>60366924
Leak this info to IS/IL for funny headlines.

>>60366936
Don't forget to block port 80 too.

File: 1434469515230.gif (981KB, 500x221px) Image search: [Google]

981KB, 500x221px

>>60366936
>>60366953
>>60366975
Lel

>>60364057
Bad shop

>>60363640
You're looking for an answer, but I don't think anyone knows yet

The term you're looking for is "delivery vector"

>>60366918
Well that sucks. Good luck

>>60364164
> Install Arch using that guide
> No encryption suggested in that guide
> Criminal Policemen break into your home and steal your valuables and list your computer as "confiscated" and go through it to find any excuse for why they broke into your home.
> You have piratedmovie.mp4 on there

or you could just use Fedora's installer and have full disk encryption setup for you. You're up and running in a fraction of the time and you'll be spending a fraction of the time maintaining it too.

I thought /g/ was hackers :(

https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

Apparently a kill switch has been found FOR A SPECIFIC WANNACRY BUILD. I suspect there might be others so some people might still be SOL as of now.

Even if it's jsut one build, next week they could patch up the kill switch and keep on infecting people with a new build.

Of course, still some retards believe they are safe just by patching SMB :DDDDD

>>60364139
The vault leaks proved that the NSA has been spying on Linux users as well and has a full suite of tools for different distros, so that pic isn't really accurate

>>60366934
Is there any pattern to the wannacry emails? Certain subjects?

>>60363762
Retards literally had port 445 open

Am I safe if I don't have the latest windows 10 update but I've the only Pc in the house and I don't download random shit or open unknown websites and check my email on phone?

>using M$ products
Shit I am using it too. What can I do to not get infected?

>>60367099
The vault leaks were from CIA, not NSA...

>>60364617
Meanwhile Windows 10 users were never vulnerable. It's amazing how backwards this board is.

>>60367078
No you misheard. It's /g/ is a bunch of hacks not hackers.

>>60366395
Free cuckold porn? You deserve that shit, faggot.

File: Capture.png (80KB, 1301x837px) Image search: [Google]

80KB, 1301x837px

>>60367109
I've no idea.

I've seen a digital signature for the file that was tested in the lab. Pic related.

It might be disguised in many types of containers (file formats) though.

>>60363640
>meanwhile hosting a tracker for chinese cartoon can get you 10 years in jail

File: 1453471017496.png (129KB, 724x611px) Image search: [Google]

129KB, 724x611px

>he did not install all Windows updates and got infected with a virus

>>60363640
I've tried this with VM, the whole VM was encrypted.
Tried that under WINE, only the WINE prefix was encrypted.
Windows 10 stopped the process.
MacOS couldn't run it.

It's good to be posting with you lads - I'm not usually a regular on here, and much of the advice has been really useful since the ransomware attack.

>Godspeed Anons

Ok this thing spreads through a local connection.

But how does it run automatically once downloaded?

Shit day at the SOC, cant even sleep.

is there any way to manually patch this shit without waiting 10 years for windows to check for updates

>>60367122
Nope. Your PC is compromised until you install the March update.
Because of the way the worm spreads (random IP) you getting the virus would be like winning the lottery though.

>>60367254
Thanks.

I'm told "Special message from -inserts name-" is one possible subject.

File: noSMB.jpg (33KB, 375x411px) Image search: [Google]

33KB, 375x411px

Just uncheck "Client for MS networks" and "File-Printer Sharing" on your network adapters. You don't need them for everyday Internet use.

>>60367320
The exploit is in a remote filesharing protocol some machines have enabled. If you are using an unpatched version, the attacker can push the virus on your computer without you having to do anything.

>>60367352
What does Client for Microsoft Networks even do anyway?

>>60367320
>Ok this thing spreads through a local connection.
SMB is not LAN only, it also works over WAN since MS added NetBIOS-over-TCPIP to Windows stack

How fucked are the people responsible when they're found out?

>>60363720
thats really cool
some basement dwellers are probably still cumming because this worked

>>60367427
Very.

>>60363640
It uses anything you want. Someone sets up a legit looking site with real info about whatever or hell, just uses an xss or includes an arbitrary web image in their post on a popular site.
This hits their servers, allowing them to collect your IP.
They can then automatically launch an attack on port 445. If it goes through, gg no re. If not, doesn't matter, go to next target.

File: 1467695504627.jpg (77KB, 658x632px) Image search: [Google]

77KB, 658x632px

>>60367255
Animes never killed anyone. Why do they bully?

>>60367427
Years in prison, this is not like those teens that get like 5 years for doing DDoS, this is fucking serious they are probably going to get sentences equivalent to what a pedophile gets.

is it safe to turn on my laptop RIGHT NOW?

>>60364948
Hole punching is a thing. Allow: no does nothing against attacks, it's only useful against benign access.

>>60367492
No way. Pedophiles are treated like the worst criminals. People prefer ISIS terrorists over pedophiles, when they harm nobody.

>>60367501
Kill switch is enabled so the malware don't run now.

If they are smart they remove the kill switch and have fun watching the world burn on all systems that are not updated.

>>60367501
no, it will explode

>>60365436
What? there is a windows version for almost everything.

>>60364139
Someone should add a ransomware pic above win10 face

>>60367393
network shares, named pipes, etc https://en.wikipedia.org/wiki/Server_Message_Block

>>60365941
open ports
tl;dr
some infected pc tries to call your IP, if your IP is green it tries to connect to the port and if the port is open it goes thro installing/running the shit

>>60366936
oh shi-

>>60367613
so blocking 445 UDP/TCP should prevent infection?

>>60365995
by downloading virus.pdf

>>60367348
Latest update I got was the 5th of May one, is it good enough?

>>60367427
depends on the country that gets them

>>60367667
It should
Unless they update their stuff and your OS is not updated.

>>60367667
>block
no
>stop listening on it
yes

>>60367692
You are safe on that PC.

>>60366397
you should install all patches you idiot
you are safe from this particular threat anyway since it's killswitch is triggered

File: 1489334126582.png (589KB, 914x898px) Image search: [Google]

589KB, 914x898px

My 8.1 install is so fucked that it won't even search for updates.

can I use discord app with this shit floating around or

>>60364460
>>60364707
Why can't you just install these updates manually? I'm in the same boat as the other anon in that Windows update causes my svchost to use like 70% of my processes/ram.

>>60366822
UUUU

It spreads over SMB1 running on Port 445 -- if this is forwarded to the internet for you, you will be infected with a certain chance. Just read...

>>60367900
Because you have the Windows Update Bug:

http://wu.krelay.de/en/

Fix it first, then download the updates.

>>60367756
Thank you

>>60366809
He can't keep getting away with it!

This shouldn't be able to penetrate a router with NAT from the outside into the local network, right?

>>60366980
THEY'RE TRASHING OUR RIGHTS

>>60367753
it's not forwarded so I guess I'm "safe"?

>>60368296
If you're behind a nat, and the internet facing device is not running windows or is not running smb, then yes.

>>60368388
alright thanks

>>60364322
bbbuut.. anon mmuh bbbbotent?