IT'S NOT OVER Malware researchers have identified a new

east coast confirmed for retards.

Site to monitor in real time:
https://intel.malwaretech.com/pewpew.html

Look for 'wcrypt'.

Wcrypt seems to be hitting Europe, Russia, and China the hardest

So can we expect microsoft to release a security update outside of the monthly patch day?

File: 1465408189319.jpg (70KB, 515x589px) Image search: [Google]

70KB, 515x589px

>It's Happening!

>that feel when Y2K was 17 years late

File: windows-update.png (223KB, 1719x932px) Image search: [Google]

223KB, 1719x932px

>>60385477
The problem is windows update often fails, many people with updates turned on will see this if they look at their update history.

>>60385534
No, the problem is that in Russia and Asia in general, lots of big businesses are running on pirated versions of Windows that have no updates available whatsoever.

Just to be clear the MS update and other fixes still work right? This is merely another more aggressive version without the weakness to turn it off.

Basically this is all as planned like Cash 4 Clunkers for PCs but you just get fucked in the ass.

>>60385477
The patch that fixed the main exploit has been out since april.

But my Windows PC keeps itself up to date out of the box.

File: haha.jpg (41KB, 650x514px) Image search: [Google]

41KB, 650x514px

>>60385556
That's hilarious

>>60385295
frindly reminder
>>60370717

>>60385582
that's actually true; don't know about businesses but almost every home user uses cracked windows or is upgraded to botnet10

>>60385556
>No, the problem is that in Russia and Asia in general, lots of big businesses are running on pirated versions of Windows that have no updates available whatsoever
There's even windows 10 user getting infected due to windows update being sloppy.

>Not patching your Winblows when MS released the patches in March to kill NSA's zero days

SASUGA WINBLOWS USERS

>>60385606
botnet10 updates perfectly for me and every cracked windows worth their salt should be cracked in a way which enables windows updates.
only fucking russians download pre-cracked .iso which uses outdated KMS servers or something which prevents updates.

>>60385642
It's weekend, anon. Most sysadmins are not working.

>>60385556
what do pirated versions of windows have to do with no updates being available

i use one and i still can update without problems
and it's more likely that windows update died instead of it being somehow the fault of a pirated version

>>60385556
>>60385534
I have an original windows and I've been suffering trying to update it fully for the last few days. updates keep failing, and then reverting takes at least an hour. Fucking windows, now I gotta apply them one by to see which one is causing problems because god forbid they get installed separately so wangblows reverts all 30 of them instead of the one that's causing problems.

Can anyone post the exact update from MS in order to prevent Wannacry?

I disabled updates when MS pushed telemetry from w10 into w7. I don't want to enable that

>WU hangs forever
>end up turning off smb1 and manually download the march update roll
>now WUSI is hanging doing the same thing

nice update service, really makes me wonder why i didn't let it run auto in the first place

File: Wutang.jpg (24KB, 640x469px) Image search: [Google]

24KB, 640x469px

>>60385724
>WU tangs forever

>>60385651
yes i know the copies can use windows update
i ment that everybody uses unlicenced copy

>>60385642
Don't need NSA zero days, if you get the company to build a back door

The Apple Macbook Pro with TouchID doesn't have this problem.

>>60385295
Just download the approriate security update or disable smb v1 yourself, is it that hard to do?

Cost me less than 5 minutes

>>60385702
> typical fleshwaste fucking /v/ import

Go and fucking google it you dense cunt, you have no place on /g/

>>60385756
>is it that hard to do?
You're on /g/ - AMD Vs Intel. What the fuck do you expect?

>>60385760
I actually did google it

>>60385756


will smb1 being shut off be enough? i dont have the patch and it'll probably take my PC 24hrs+ to finish checking for updates so I can then install it.

>>60385756
>approriate security update

WHICH ONE, NO ONE EVER SAID IT

People only say just enable updates

>>60385871
>>60385760

They will never get Australia,

Our internet is too slow

File: 1490990020364.jpg (172KB, 960x684px) Image search: [Google]

172KB, 960x684px

>>60385295
AYY AHAHAHAHAHAHAHAHAHAHA

>>60385828
disable smb1, block port 445, a quick google search will tell you how

>>60385295
So what exactly has been happening? I haven't seen much news lately apart from the NHS getting ransomware on their system. What is wcrypt and what's it do? Should I be worried?

>>60385295
nice try Kaspersky nobody is going to buy your crapware anyway you fucking scams

>>60385642
Fuck you shill, Windows Update keeps failing, useless piece of shit. I should've listened to Linux shills.

>>60385952
The biggest ransomware attack in history. Hundreds of thousands of computers affected worldwide.

File: ransomware wannacry.jpg (70KB, 660x371px) Image search: [Google]

70KB, 660x371px

>>60385987
How will I know if I got it? Is it like a typical pic related that will pop up?

>>60385909
you do realise that means prebuilt garbage?

File: C_yD5FgXgAAojRw.jpg-orig.jpg (106KB, 720x1280px) Image search: [Google]

106KB, 720x1280px

Saudi Telecom Company has fallen. Stupid sandniggers.

>>60386060
even if it's not prebuilt. it's entirely reasonable to see this. Every house in the world already has a computer, the market is saturated. Tablet that only exist few years are already seeing declining sales

Smartphones will see the same shit in the future

>>60386132
How come so many people have port 445 open?

What do they need it for?

File: C_yNw8yW0AA4biu.jpg-orig.jpg (85KB, 720x974px) Image search: [Google]

85KB, 720x974px

>>60386132

>>60386016
yup if you have it you'll get that popup, most likely after it forces a restart.

Three ways to get it:
>Someone uses a remote execution exploit to put it on your machine and run it, (if you are fully patched and not running XP/2003/Vista then this is unlikely but not impossible)
>Someone on your local network gets it and it jumps around the network (Only works in networks with SMB 1 enabled which is only needed if there are XP/2003 systems still around)
>You get a dodgy email and run it yourself by opening the attachment

>>60386154
They use SMB1 to share files between company computers.

>>60386170
I disabled smb1 by going into control panel, programmes, turn on or off windows features, then unchecked the smb1 box


Do you reckon thatd work? Cause I see people posting commands to run to disable it

>>60386183
What about home computers, i seriously doubt normies even heard of smb1, let alone use it?

File: C_yNSJiXcAAMW8O.jpg-orig.jpg (108KB, 1280x720px) Image search: [Google]

108KB, 1280x720px

>>60386169

File: Screenshot_20170514_145444.png (43KB, 395x381px) Image search: [Google]

43KB, 395x381px

What the fuck's up with japan? Are our baka gaijin malware not good enough for them?

>australia not getting infected
feels good

File: japanwcrypt.png (4KB, 106x150px) Image search: [Google]

4KB, 106x150px

>>60386220
There's one, but really they still use fax machines to communicate.

>>60386193
Windows 8.1/10 and Server 2012 R2/2016 included the option within the Features list as you describe.

The commands work on all versions (except XP/2003) but are really only needed for Vista-8 or 2008-2012 as there's no GUI option

>>60386196
Unless they run XP at home, their system will be using whatever SMB version was included in the OS or the lowest compatible with others on the network (SMB2 = Vista/7 and SMB3 = 8/10)

SMB only matters for it spreading, not the initial infection.

>>60386016
If it pops up it is already too late

>>60385295
>Pic related, green dots are the new infections in the last minute or so.
no you dumb fuck.
that's an old variant. because only old variant is sinkholed.

>>60385295
OP we will need a source on that, seeing nothing about any new variant, only warnings that a new one is inevitable at some point

>>60386289
The funny thing is that the old variant is still popping up.

So you know these are people who deliberately got themselves infected because the old variant's SMB infection vector has been neutralised already.

This is like watching fucking Die Hard 4.

>>60385307
trump supporters kek.

>>60385295
need an another update, so it can bypass the bugfix too.

>>60386305
https://motherboard.vice.com/en_us/article/round-two-wannacry-ransomware-that-struck-the-globe-is-back

File: curry5.jpg (161KB, 640x889px) Image search: [Google]

161KB, 640x889px

>>60385295
>sir, i am calling from windows, sir! u have a wirus in your pc computer sir! what is this sir, wot u did to my wondows pc sir oh dear vishnu, sir, my supervisor is going to murder me sir

i hope every call-scamming curry nigger gets this shit on their computers

>>60386309
>The funny thing is that the old variant is still popping up.
they're fine. right now you're observing just new connections made to killswitch which is sinkhole too. that means they get infected but nothing is encrypted.

>>60385295
Oh hey! an email from a random person with no text, but asks me to click a link?
Everything is coming up Millhouse!

>>60385504
The real cyberarmageddon will come once Intel ME is cracked (or keys to it are leaked). Once that happens, the only way to thwart the vulnerability will be to unplug all Intel systems (and wrap them in tinfoil if they have built-in radios).

>>60386368
I wonder if the new variant can be sinkholed and monitored?

IIRC it doesn't ping the "killswitch" domain. How could it be monitored if all external connections it make are opportunitistic SMB ones on the LAN?

File: another_country_white-shirts.jpg (36KB, 397x342px) Image search: [Google]

36KB, 397x342px

>>60386415
>implaying it's not cracked already

The intelligence agencies just sit on it because it's too big a trump card to use unless absolutely needed.

>>60385556
>pirated versions of Windows that have no updates available
You are a retard. Pirated Windows updates just fine you retard.

>>60385573
The patches were made in February actually (even those for XP/2k3/8.0). Those for still actively supported systems were publicly released in March, while the rest was only made available to third parties who pay for extended support. Given the shitstorm that happened, MS decided to make that one patch publicly available.

tl;dr: all Windows versions including XP and up are still being patched, but MS won't give patches for "out of support" systems to those who don't pay big bucks for it

>>60386465
Win 7 does update, but what he probably means is that there are some updates which check if it's legit win7 then if not bricks your computer, makes it boot to blackscreen iirc

File: 1468256883644.png (111KB, 417x234px) Image search: [Google]

111KB, 417x234px

>work in IT
>one client constantly whine they can't upgrade their kit because muh costs
>one XP machine still on the network
>mfw monday morning an entire school gets ransomware'd

>>60386183
Wrong. Port 445 is THE standard SMB port, not just SMB1.

Any Windows computer that is sharing folders on the network has 445 open.

Blocking port 445 will block all sharing of files from your computer, so if you want to share files that is not an ideal solution. Rather disable SMB1 like >>60386193 said because it is the old version that is only available for legacy support.

Also, as some other faggot mentioned SMB1 is the method it uses to spread once it infects a host, it can arrive through other vectors which is probably how most businesses get it because it is very unlikely it would spread from an Internet facing machine to the internal network through SMB.

File: alan-turing.jpg (61KB, 500x668px) Image search: [Google]

61KB, 500x668px

Who else /hype/ for Monday crash and burn as the whole office/institute/corporation gets set ablaze due to a single infected computer spreading throughout the whole network?

>>60386154
The initial attack vector is usually different (mostly phishing email probably). Then once inside a LAN, the secondary vector being the SMB vulnerability is exploited.

>>60386600
I heard some researchers talk on twitter that in the case of Wcrypt, there are no samples of infected email attachments / secondary vectors found.

File: No-fun-allowed.jpg (129KB, 593x647px) Image search: [Google]

129KB, 593x647px

>>60386599
Some fucking whiteknights just hate fun.

>>60386060
>>60386170
>>60386170

so the only way to get it is to having an outdated version of windows? some of the pics look like w7 but it could be vista. fucking cheap bastards not updating their systems

>>60386553
Shut up. I already dread booting that shit up. My plan is pulling the network plug, backing up everything and then hoping for the best.

>>60386438
>tfw any coming vault7 or shadowbrokers leak could release the doomsday exploit

File: David Starkey and James Brown.jpg (655KB, 1920x1152px) Image search: [Google]

655KB, 1920x1152px

>>60386657
>tfw running Linux on my work laptop

I'll be enjoying the absolute shitshow tomorrow.

>>60386599
why couldn't they wait a few days until it affects millions?

File: C9gGfvLU0AAUwFs.jpg (129KB, 1199x412px) Image search: [Google]

129KB, 1199x412px

>>60386536
It's not just SMB1 that's vulnerable though.

>>60386689
It doesn't matter. Anyone could have taken the original binary, edited the killswitch with a hex editor into an unregisterable domain and released the virus back in the wild. Probably already happened.

>>60386625
I really don't believe it could spread as wide as it has if there wasn't some standard email spreading going on.

I do believe it has been using the SMB exploit over the Internet to spread as well but the problem is that it has to go from the Internet side to the Intranet side to get on a lot of these PCs we have been seeing it on, and that's just hard to believe that so many company networks were set up in such a way that Internet facing machines can go directly to Intranet machines.
It goes against the basics of security.

>>60386625
Then every compromised network has at least one machine that exposes a vulnerable SMB service on the standard port directly to the internet without any sort of firewall?

File: reaction_bigGrin.png (64KB, 200x200px) Image search: [Google]

64KB, 200x200px

>>60386711
>SMB2 vulnerable too

Oh fuck this is going to be delicious.

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

Fucking symbolic links and 10GB ethernet are dependent on SMB2!

>>60386630
>fun

You do realize shit like this could literally lead to world war 3 if the wrong systems are affected? Or what if some nuclear power's strategic supply or production systems are impacted, and an unstable leader chimps out over this pushing the red button?

>>60386365
Is this the pajeet who gets syskey'd, pretends to be a rich man, and then cries when he fucks his call center up?

File: 1468332561962.jpg (133KB, 444x453px) Image search: [Google]

133KB, 444x453px

>>60386763
fucking microsoft. Seriously, get your shit together

>>60385660
In the early XP days there was no good way to keep windows activated, the easier way to avoid WU undoing your activation was to disable updates

File: 404C5A7600000578-4504096-image-a-30_1494762612311.jpg (90KB, 634x618px) Image search: [Google]

90KB, 634x618px

Did you really think a nigger would save the world?

LAMO

>>60385682
Try WSUS Offline, it sometimes can unfuck WU by installing everything by itself

File: NaziBodyPillow.jpg (67KB, 500x750px) Image search: [Google]

67KB, 500x750px

>>60386770
>You do realize shit like this could literally lead to world war 3
You're saying that as if it's a bad thing.

File: C_yUC6YW0AAUjT3.jpg-orig.jpg (57KB, 510x535px) Image search: [Google]

57KB, 510x535px

Current profit = 40k USD

>>60386791
>In the early XP days there was no good way to keep windows activated
the first pirated version to become available, came out ~25 days before release, and was the 'corporate edition', which didn't even need activation
the only reason activating home/pro was a pita, is because pirates weren't even using those

Only 1000 computers, who cares

>>60385295
>windows

>>60386808
Of the guy who made the ransomware? Only 40k?

>>60386763

HA HA HA HA

I don't even understand half of what you said but it's great.

Happy fucking Mothers Day you glorious fellow basement dwellers.

>>60386826
Most people won't pay until the time starts running out. Besides, many people will only find about this on Monday when they return to work.

>>60386808
That's pretty low.

>>60386808
I'm surprised that they generated so few addresses. Those guys are amateurs desu.

>>60386770

Wonder what the Iranian enrichment facilities are running? The Israelis know.

>>60386851
There's no point in creating more addresses. You can always start distributing them around when the final collection has been done.

>>60386840
>many people will only find about this on Monday when they return to work.
I can't wait for the millions of offices to go into a blaze of fire on Monday.
The panic is going to be glorious.

>>60386132
is that a picture of someone taking a picture? why

>>60386810
>they picked the FCKGW key because "FuCK Gates & Windows"

Why is this thread talking about Super Mario Brothers and Super Mario Brothers 2? How do they hack your computer using these?

so how do you actually get your computer infected with a virus like this?

is it just a bunch of sites you get it from or what

File: BESTKOREA.png (12KB, 114x111px) Image search: [Google]

12KB, 114x111px

>>60386262
>>60386262
>Japan
>Turbo normies with outdated IE and Windows installations everywhere

>>60386833
>/g/ - Technology

>>60386887

Sit around and wait. Some versions generate random IPs then try and target them. Its only a matter of time until billions of Windows machines are rendered useless globally.

>>60386866
>Millions
There aren't even 5000 computers affected by this. This thread is worse than /pol/ screaming about happenings.

>not running windows 10
>or at a minimum, not running windows 7 with up to date security patches
shiggy diggy

>>60386889
the asians are horrible with computers, they make robots and shit and yet they STILL have a huge reliance on fax machines in Japan, for instance.

>>60386826
It was 26k only a few hours ago.

Years of 4chan images. Gone.
What now?

>>60386891

Oh come on you didn't expect a newfriend or two as a result of this?

File: 1490914634193.gif (2MB, 297x229px) Image search: [Google]

2MB, 297x229px

>>60386770
>You do realize shit like this could literally lead to world war 3
That would be nice.

thanks nsa :^)

>>60386901
how do they send you this with just a random IP?

>>60386922
Of course that's normal, but I also expected them to do research before posting. I don't know why, honestly.

>>60386910
>in the west shitloads of companies get fucked with communications because all their systems are getting encrypted
>japan just faxes each other

>>60386915

>lost pepe folder wat do

Just ask for a folder dump around 1:00 a.m.

>>60386936

He just said happy mother's day and was laughing.

Lighten up.

>>60386935
By the magical powers of Gentoo
:^)

>>60386906
Yesterday people were saying it was only 100,000 computers.

Today people are saying it's only 200,000 computers.

Tomorrow...

>>60386915
>windows
pay

>>60386516
jokes aside, can you imagin how many industrial software still runs on win2k?!
It is not enough to say "people would shit their pants if they knew". IT WOULD BE LIKE GATLINGS LOADED WITH CRAP SLUGS WOULD CONSTANTLY FIRE SHIT OUT OF THEIR ASSES!!!

>>60386910

>tfw trying to patch win7 but WU hangs for 48hrs before finding shit then the updates fail anyway

>>60387082
There is something for this, I think if you get the Disk Cleanup Utility and clear out old updates files from the system helps as well as resetting/clearing the windows update agent.

>>60387013
Common sense worked fine for more than 10 years. I don't even browse shit outside of 4chan and few newssites.

>>60387106
Nobody with common sense uses windows anon.

>get encrypted
>pay
>get encrypted on monday
>pay again
>get encrypted again
>can't pay because no monniez
>have to wait for free event for poor in 6 months
>virus dies by then and their creators get executed
>shit will stay encrypted forever

>>60387082
Close Windows Update window
control panel -> administrative tools -> services -> restart Windows update service
Open Windows Update, check for updates again

Works sometimes

>>60387106
hurr durr

File: Screen Shot 2017-05-14 at 11.16.28 pm.png (79KB, 871x521px) Image search: [Google]

79KB, 871x521px

48 PEOPLE PAID
8

PEOPLE
E
O
P
L
E

PAID
A
I
D

File: 1427019808991.jpg (4MB, 10000x10000px) Image search: [Google]

4MB, 10000x10000px

>>60387106
>Common sense
>4chan

>>60385295
>Don't even have to search, they're nearly all wcrypt anyway

>>60387125
>get encrypted
>pay
>make a backup
>install gentoo
gotta be smart senpai

>>60387008
It's only 300,000 computers.

>>60386914
Where do you follow that?

>>60387150
6 million

File: angry-jew.jpg (45KB, 440x515px) Image search: [Google]

45KB, 440x515px

>>60387193
6 GORILLION

File: 1494683452770.gif (2MB, 480x360px) Image search: [Google]

2MB, 480x360px

>>60387210
Good isn't it?

>>60387082
Use wusa.exe

Heres the update you need

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012215

>>60387260
>666 KB
Don't do it!

File: pepe6.jpg (145KB, 425x481px) Image search: [Google]

145KB, 425x481px

>>60387260

>>60387260
Go for it.

File: reaction_blushlaugh.png (22KB, 345x369px) Image search: [Google]

22KB, 345x369px

>>60387260
Who else /naughty/ here and distributing the v2.0 of WannaCryptor as the Windows patch?

How long until the malware itself disguises as a patch?

>>60387234

using that right now, left it on overnight, been searching for updates after downloading that package for about 14 hours now

>>60387310
>How long until the malware itself disguises as a patch?
Windows 10 already does that.

>>60385295
Keep in mind that this is not a map of infected machines, each ping is an attempted(failed) infection by the old, deactivated ransomware. New versions without the killswitch or with a different kill switch would not appear on the map.

The map is interesting because it shows how many times uninfected machines are discovered by infected machines (I seriously don't think anybody has a hard number for these), which is quite often. ie each green dot is an unprotected machine that has been discovered by random scans by infected machines. Uninfected vulnerable machines can probably ping more than once on the map.

It would probably be faster for somebody with malicious intent to use a different botnet to find vulnerable machines and then target those directly.

>Microsoft leaves backdoor to spy on users
>Backdoor gets leaked
>DSP WOOOOOOWW HOW WAS I SUPPOSED TO KNOW THAT IT COULD EXPLOITED?!

File: Screenshot_20170514_162902.png (209KB, 848x716px) Image search: [Google]

209KB, 848x716px

This shows how fucking virulent this fucker is. It's not spreading through email attachments.

https://webcache.googleusercontent.com/search?q=cache:cQOpZWYen_UJ:https://www.sophos.com/en-us/lp/nhs.aspx+&cd=7&hl=en&ct=clnk&gl=uk&client=safari

>>60387398
>It's not spreading through email attachments.
I still fail to see how people get infected by the SMB vector if nobody within the same network got it via email first.

>>60387398
>made to look like a vulnerable computer
>acrobat reader
>chrome
check out

>>60387450
All infected computers form a botnet that pings random IPs and try to infect them. And there are hundreds of thousands of computers doing this simultaneously.

If you pay, does it give back the files?

>>60387473
We zombiecalypse now.

>>60385295
Enjoy your """better""" OS wintards.

>>60387398
No it is but its also spreading through vulnerabilities in SMBv1.

Can this shit be stopped from spreading into a home network using PFSense?

>>60387478
Yes.

>>60387451
Which is all the more ironic, seeing how Chrome and Adobe Reader X are both the most secure offerings there are in their respective field, what with both coming with built-in sandboxes.

Their only fault is that they are popular.

>>60387416
LMFAO

>>60387488
It can be stopped by basically any firewall. The main reason it has spread to internal networks is email attachments apparently.

>>60387473
Most computers are behind a NAT, those ports are not open to the internet at large and can only be accessed from within the local network. Unless security was done by a complete fuckwit and lets be honest
>>60387450
that's not unlikely.

>>60387398
>router firewall blocked a TCP 445 connection attempt from Hong Kong just 3 minutes ago

File: 1441560516223.jpg (32KB, 396x353px) Image search: [Google]

32KB, 396x353px

>blocked 445 from the router
>disabled(?) smb with regedit
>hid under the desk
I-is my animu safe? Should I rename all the files to some gibberish extension just in case? crossboarder here btw and scared shitless.

>>60387534
Hong Kong fag here

Can't wait for the whole city (and the rest of Asia desu) to go batshit insane tomorrow.

>>60386915
This also happened to me.

4chan pictures and revenge porn of my exes. all gone after a bitlocker encrypted usb got corrupted.

I cried for what must have been milliseconds. most unmanly instances of my life.

>>60387131
seems unlikely

Why is Australia so immune? What the fuck.

>>60387131
How do you get your key if the payment is all going into the same address?

Another worm called Uiwix using the same exploit, but different payload and no killswitch has been spotted.

https://heimdalsecurity.com/blog/security-alert-uiwix-ransomware/

>>60387519
Are there any confirmed attack vectors besides the SMB vulnerability, or is the email attachment idea just speculation? What about malicious web content (Javascript, whatever)?

>>60387586
our population is half of Canada's

File: Screenshot_20170514_164637.png (25KB, 612x241px) Image search: [Google]

25KB, 612x241px

>>60387596

>>60385295
>All of this could have been prevented if they installed Gentoo

We warned them.

>>60386365
I just lead them on for a good while if I'm bored. I tell them eventually I don't have a computer. One time the poojeet went into a fucking rage and asked me why I had been lying to him. It was hilarious but he kept calling me back demanding an answer. Fucking curryniggers.

What the fuck is a smb

>>60387633
Sharing for Windows Protocol.

>>60387547
did you patch already?

>>60387547
you have to go back

>>60387633
Super Mario Bros

>>60387519
Hmmm, well, right now I'm sitting behind one of Verizon's little Wifi/Router/Modem combo units as my connection to the net, and according to the various port-checking tools online my port 445 is blocked/closed.

Desktop has the requisite patch installed, but the laptop and the repurposed-into-fileserver box still need patching (which I'm doing now).

Hopefully I'm safe... right?

>>60387260
>fuckers couldn't make the patch be any other size than fucking 666 KB of all things
>also providing insecure sha-1 hash in filename

>>60387547
It encrypts every file, btw. It goes through every file. Its probably already encrypting as we speak.

Who cares I'll just reformat my hard drive afterwards

too spooky.
bye

>>60387596
Meh, just a copycat.

Call me when someone wrote one that doesn't use the now quickly-being-patched SMBv1 exploit.

IIRC the NSA leak includes exploits for SMBv2 and v3 as well.

And if you disable those Windows would literally not function, so that'll be much more interesting to watch.

>>60387633
superior meet boi

File: 1463801351557.jpg (15KB, 242x214px) Image search: [Google]

15KB, 242x214px

>>60387547
I havne't powered on my windows machine since friday, so all my animu backups and personal stuff should be safe. I'm running on a really old laptop right now with Linux installed, only with this season's stuff. I wont' upgrade my PC since it' has gotten difficult with telemetry stuff and since i'm running a pirated version I don't know how it will react to updates. I will power it on when everything has calmed down.

>>60387633
TheProtocolOncePopularlyKnownAs"NetworkNeighborhood"(tm)

>>60386808
mind sharing that script?

File: WINE-logo.png (35KB, 200x313px) Image search: [Google]

35KB, 200x313px

Has anyone tested if it runs in Wine?
We need to alert the Wine devs if it doesn't.

>>60387688
https://github.com/sp4rk2/wcrypt/blob/master/wcryptProfit.py

>>60386326
wasn't east coast blue state? wasn't hitlery even to become mayor of jewYork after the election?

>>60386844
for a kid in sybiria, no not really

>>60387691
Apparently, it does work.

>>60387657
Nah, it encrypts specific extensions only (most useful ones are affected, but some like .flac for instance are not). Unless the payload has changed in the meantime, that is.

>tfw I opened a suspicious pdf file friday
Is there a way to conceal it? I dont want to be fired.

>>60387723
Accuse your accuser of sexual harassment.

>>60387677
>>60370717
after that update if you want that ms cock

File: untitled545345.png (31KB, 927x487px) Image search: [Google]

31KB, 927x487px

>>60387665
>IIRC the NSA leak includes exploits for SMBv2 and v3 as well.

Yes, see >>60386711

>And if you disable those Windows would literally not function, so that'll be much more interesting to watch.

The "nu-Microsoft" cucks have designed NT6 not to function without a NAS protocol being enabled at all times? Oh well (pic related).

>windows users

ex dee

d

>>60385534
How is Windows Updates such a shitty software?

>>60387016
These types of machines really should be airgapped. Any person who is putting mission critical machines exposed to the greater internet is foolish.

>>60387769
GO OPENGL GO

File: ironing.jpg (204KB, 752x1097px) Image search: [Google]

204KB, 752x1097px

>>60387769
The hilarious thing about the NT kernel is that it's supposedly superior to Linux in all manners and ways

>microkernel instead of monolithic
>copy-on-write filesystem instead of old-style fs
>fine-grained ACL built-in instead of ancient UNIX user permissions
>object-oriented scripting instead of plaintext pipes

And yet it turned out to be such a shitshow.

>>60386515
MSFT can't kill every method of activation without causing havoc and proving Stallman right.

Stallman is eccentric and autistic but he totally gets freedom.

Why my win7 doesn't have smb1 in Programs&Features? I want to disable that shit.

Would Deep Freeze protect an installation from this attack?

>>60386770
you DO realize everybody's nukes are off the grid, in Faraday cages and buried deeper than my dick in your ass right?

>>60387833
They only added the option in the features GUI in Windows 8 and higher, you'll need to use the command-line method

if your Windows shit gets raped, can you boot from a live Loonix usb and rescue your files?

>>60387645
>paying for windows
And even if you can manually install it it'll require gigabytes of other useless shit as a prerequisite. No. There has to be a way to lobotomize the os and make it safe. There has to.

Can't you just turn off smb1?

>>60387908
Nope because they are encrypted, your Linux liveCD will just see a drive filled with gobbledygook where your files used to be

>>60387310
doing gods work anon

>>60387908
the files get fucked irrecoverably first.
After that the GUI pops up and wants you to pay.

File: 1418033272738.jpg (53KB, 565x575px) Image search: [Google]

53KB, 565x575px

I got port 445 blocked on my IBM DataPower, try infecting me, WCry.

>>60387920
Yes so long as you have no 2003/XP systems (which don't support SMB2/3) then turning off SMB1 is always a good idea

>>60387877
>you DO realize everybody's nukes are off the grid, in Faraday cages and buried deeper than my dick in your ass right?
you DO realize that there are other countries that just dont give a flying fuck about their own security to the point that these systems might be connected to the internet?

In addition, there is always the human element, see STUXNET.

>>60387826
NT5 was pretty decent though, it was Ballmer with his cronies and the first larger batch of poos in MS who managed to ruin that legacy.

Welcome to the Sacred Cow Barbecue, I am your pitmaster

On Today's Menu: Julian Assange and the shadowbrokers

>>60387950
>buried deeper than my dick in your ass right?
So you're saying that they're all stored at ground level?

File: CVEs.gif (94KB, 561x569px) Image search: [Google]

94KB, 561x569px

When will the "Linux is more secure" meme die?

File: 1491600830956.jpg (94KB, 1200x675px) Image search: [Google]

94KB, 1200x675px

>>60387972
>assange
Someone drone that motherfucker.

>>60386202
>>60386169
Those poos are gonna get a beating from their saudi masters tonight :(

>>60387950
>see STUXNET.
don't know about anyone else but US nuke control uses software from the 70s, I don't even know if they make viruses for that

>>60386932
>using the smiley with the carrot nose

>>60387985
b-but gaytoo hardened!

>>60387016
I work at a large food retail company in the UK and all the cashier tills run on windows 2000, and are connected to the internet.

>you're cruising on highway with your electric car
>suddenly something pops up on the center panel
>"brakes.exe has been encrypted, transfer 300 bitcoins to the following address to decrypt it..."
What do you do?

File: cap_ch95_20120826_194149.jpg (71KB, 704x480px) Image search: [Google]

71KB, 704x480px

>>60386196
I do use it to access my NAS over explorer.exe

>>60387826
>microkernel instead of monolithic
Windows has a monolithic kernel. They call it a "hybrid kernel" but it is still very much a monolithic design.

>copy-on-write filesystem instead of old-style fs
What is btrfs?

>fine-grained ACL built-in instead of ancient UNIX user permissions
Linux has ACL's

>>60385982
>I have a virus which prevents windows update from working and I have no idea how to fix it
>other poeple are stupid

File: 1494668523605.png (188KB, 374x370px) Image search: [Google]

188KB, 374x370px

>>60386770
>yfw UK's Trident nuclear programme runs on XP

>>60386365
https://www.youtube.com/watch?v=kMwFhGd8duo

>>60387972
>Julian Assange
He had nothing to do with this. The ShadowBrokers handled their own publicity, from beginning to end.

>>60388066
gradually stop in the emergency lane

File: kinglulz.jpg (407KB, 1260x1782px) Image search: [Google]

407KB, 1260x1782px

feels good to be loonix man.

File: untitled.png (53KB, 742x191px) Image search: [Google]

53KB, 742x191px

>>60388068
FTP oughtta be enuff for anybody.

Reminder to short the stock market tomorrow. Especially tech stocks.

>>60385656
>Most sysadmins are not working
Oh I can assure you that those businesses that operate 24/7 have called their sysadmins in.

Interestingly, I expected everyone I know to be called in as well due to the news. Apparently nobody cares, not even a little, until they are looking at a window telling them their files are gone. You'd think that sysadmins were called in to make sure that computers work monday morning but that's not the case.

File: Screenshot_20170514_172335.png (205KB, 600x595px) Image search: [Google]

205KB, 600x595px

Game over, maaan...

>>60387972
This is the global throatpunch normies need to take security seriously. Without threats, there are no countermeasures.

Welcome to evolution and job security for IT. None of my personal machines are affected and if they were, I has backups upon backups including finalized DVDs (which I test).

If you can't restore a new machine with no OS from bare metal after all your computers are destroyed in a fire, you aren't prepared. I'm surprised with the number of preppers elsewhere on 4chin that's not more common.

If you boot Linux live using the Knoppix (and others) toram cheat code you can remove your boot drive then get to work/fapping. I keep Knoppix, Xubuntu (more drivers) and FalconFour's cool WinPEish image along with Windows install USBs with app folders.

Shit makes life so easy it's absurd and you can prepare your utility/emergency kit in a leisurely evening.

>>60387669
So Eduardo McMuffin is behind those attacks?
I knew it.

>>60386770
>implying nuclear weapon systems are connected to the internet

>>60388115
Wikileaks are releasing Vault 7 though (many are by now confused as to what exploits were leaked by whom precisely).

please explain the wcry happening using Street Fighter terminology

>>60386220
They update their OSes like sensible people

>>60387210
/pol/tard detected

File: tmp_4307-1428788365065-54140033.jpg (56KB, 480x680px) Image search: [Google]

56KB, 480x680px

>>60385736
Underrated

File: wcrypt.png (29KB, 462x338px) Image search: [Google]

29KB, 462x338px

Korean and Japanese XP machines have it now.
F

>>60387398
I did the same yesterday but got nothing for an hour

>>60388146
Have you even read what you replied to? What if poos or pakis or chinks or even Drumpf ragepush the button if malware hits them hard enough in other, but critical areas?

>>60388216
>baby.exe was encrypted

File: Untitled.png (114KB, 1742x495px) Image search: [Google]

114KB, 1742x495px

>canada

>>60387559
oh you

>>60387310
>distributing the v2.0 of WannaCryptor as the Windows patch?
What do you mean?

>>60388135
Yep - a lot of people are going to have shitty Mondays

>>60388249
hey goys download the windows patch here >>>www.totallysecurewindowspatchwebsite.virus

>>60386154
They need it for the Windows file sharing service. But that's kind of irrelevant because this particular port is open by default.

Also: My experience in network security is that almost all corporations insist on the front-door security policy. Actually securing the computers on the network is too much of a hassle. Instead they do it like you would in your house, you lock the front door and you're done. In actual network security you should ensure that all the cabinets and drawers in your house also have a lock that prevents anyone who's broken through the front door from grabbing all your valuables. Nobody does this, nobody cares, if port 445 is blocked at the firewall between the corporate network and the Internet then you're done and nothing bad could possibly happen if every single computer inside on your local area network has this port open.

File: albanianvirus.png (15KB, 492x215px) Image search: [Google]

15KB, 492x215px

I miss the cozy halcyon days of albanian virus desu

File: 1494708116053.png (338KB, 558x493px) Image search: [Google]

338KB, 558x493px

>>60388277
Kek, nobody would fall for that, right?

>>60386252
Not even malware wants to talk to Australians

The fuck is going on with that one spot near the Great Lakes in the US that is constantly getting hit by Mirai?

>>60388249
1. Get hold of a variant WannaCryptor, preferably one without the killswitch
2. Rename it as Windows-KB(whatever-number)-patch.exe (or .msi or whatever)
3. Send it out via the usual means (newly register pseudo-official-sounding email address, post onto technical support forum, spam it and ask for people to forward/re-post it, Reddit, Facebook, baby-boomer Whatsapp groups, etc.)
3a. Bonus step: craft the message so that it sounds like a sincere guide on "How to protect yourself from Wanna Cry virus with this latest fix from Microsoft!"
4. Have fun.

File: cap_ch45_20120726_240243.jpg (211KB, 1920x1080px) Image search: [Google]

211KB, 1920x1080px

>>60388241
It wouldn't encrypt .exe files

File: 1494593532355.png (355KB, 540x540px) Image search: [Google]

355KB, 540x540px

>>60388299
Please stop.

Is this variant still using port 445?
I hope it is not. Plenty of morons just blocked those ports and didn't update.

File: Aids_computer_virus.png (3KB, 640x400px) Image search: [Google]

3KB, 640x400px

>>60388285
I miss the good old days of AIDS and CIH.

>>60388323
The exploit only works on port 445 because that's where the vulnerable service listens

File: 1491163040035.jpg (123KB, 848x922px) Image search: [Google]

123KB, 848x922px

Here's hoping I get sent home early on Monday when all the computers are ransom'd.

IT folks, I lmao at your life.

>>60386599
Pretty sure there's a variant that had the switch removed entirely

>>60388245
People live there..?

>>60388287
I actually know people who are able to turn their mind off enough to not read urls
because
>i don't understand that nerdspeak that's written there i just want to use facebook, and see there is written facebook
meanwhile the url is facebook.U51dwr24edaateW.ru

>>60388305
Was referring to the scenario where the lady's baby was encrypted and she'll have to pay up otherwise the baby will be born in encrypted form

File: cap_rec_20120720_120449.jpg (37KB, 704x480px) Image search: [Google]

37KB, 704x480px

>>60388126
Nope, integration makes everything easier than using 3rd party software

>>60388358
no, it's too friendly to support human life

>>60386770
>an unstable leader chimps
Fortunately there are no unstable or unpredictable leaders for us to worry about, right?

>>60388299
Top kek you're a dick

>>60388241

>DBAN uterus with with coathanger.exe after booting from a WinPE or DaRT live USB.

>>60388346
The SMB listens on port 445? I didn't know that.

>>60386915
Leave and don't look back?

>>60388295
Mirai protecting itself.

File: 1492356652652.jpg (538KB, 728x1092px) Image search: [Google]

538KB, 728x1092px

>>60386553
It'll be a blast. My guess is that a whole lot of places are already infected (some employees left their computers on) and just haven't noticed yet.

Monday morning will be great.

>>60388066
don't buy an electric car?

File: cap_rec_20120726_013017.jpg (32KB, 704x480px) Image search: [Google]

32KB, 704x480px

>>60388364
So,
>baby.dat
that would be encripted, I think

File: 1486314204826.jpg (117KB, 842x798px) Image search: [Google]

117KB, 842x798px

Fun Fact: Tomorrow is a federal holiday in Canada. Malware-chan will have an extra day to fuck over the leafs.

>>60388405
>Monday morning will be great
I look forward to it desu. Hopefully all the PCs are down and they send us home.

>>60388299
You are a sick evil fuck.

I like you. Post boipucci.

>>60388339
>those "lel" and "kek" characters (codepage 437 \x01 and \x02 respectively)

What did that virus do btw? Delete shit?

>>60386599
Good luck to fun-killing attention-seekers on Twitter with registering hundreds or thousands of random domain-names.

If you have a wanna-cry binary then it's just matter of opening it in a hex editor and changing the domain. You can remove it completely or change it to something with a top-level domain that isn't in use (thus it can't be registered).

Are the variants using new bitcoin addresses? Or someone just removed the killswitch for the lulz and then set it loose again.

I applied ms17-010 through WSUS last month, yet about 40% computers haven't been updated.
Because the users always close their laptop and hibernate, never shutdown/restart.

I resorted to disabling smb v1 through registry group policy and hoping tomorrow it'll be applied before the malware knocking through the port

>>60385556
Running a pirated windows version and I have all the updates you moron

>>60388423

If more systems go down everyone's going home. This could be the start of basic living allowance NEETism.

>oh but it's all so fun

The fun ends when utility services shut down and you realize they're not coming back on. Hell begins when all the stores nearby are out of supplies and you realize there isn't going to be a restock.

>>60386859
Stuxnet OS

>>60387574
>100k+ infections
>seems unlikely that 1 in 2000 people paid

>>60387985
fake news

File: CloudComputing.jpg (442KB, 1589x1191px) Image search: [Google]

442KB, 1589x1191px

>>60388524
You're saying as if that's a bad thing

Too bad! My computing needs are all served by the clloud

>>60388521
This is just a precursor to the really shitstorm when a something gets loose that cripples all the outdated shit in existence.

>>60387714
Wait, so people using Wine can get hit?
>>60388479
probably the latter

File: usa-population-density-map-3d.jpg (103KB, 650x280px) Image search: [Google]

103KB, 650x280px

>>60385307
That's the most densely populated part of the country

File: 1492148142468.jpg (459KB, 1280x1919px) Image search: [Google]

459KB, 1280x1919px

>>60386808
>Current profit = 40k USD

More like ZERO.

Coinsider this: If you want to accept payments with BTC then you should be generating a new address for each client or in this case, a new address for every single infecting system. This way you will get to see only the address meant to make payments for your infection and you do not get to know the total amount of payments or amounts or see other people's payments.

This malware used a hand-full of hard-coded BTC addresses. This would indicate that the author(s) of this worm are either incredibly stupid OR it's a cyber warfare drill by the CIA or Department of Defense under the guise of "malware". Notice how Russia was hit especially hard.

If it's not a false-flag cyber warfare operating and some kid made this in his basement then he's not going to be able to spend those BTC. I sure as hell wouldn't risk sending BTC from those addresses anywhere knowing that every law enforcement agency and security researcher on the planet is watching to see if the funds sent to those addresses move.

>>60387985
Yeah, I'd try to avoid getting my facts from Facebook, though.

>>60387260
>666 KB

Great. Can someone confirm the patch is really safe to use? Anyone here who applied the XP patch? (MD5: 3AD11C9883051E5A5EEC5A000DC4C37C SHA-256: 3530B7890C22096693FD473D8C6455B9992AC4AA400E1B8CE14D0049234C489D)

>>60388552

That sounds really fun.

>>60388557
>OR it's a cyber warfare drill by the CIA or Department of Defense under the guise of "malware". Notice how Russia was hit especially hard.
Anyone with half a braincell realised this already.

>>60388366
>what is ftp.exe which is built into Windows

>>60388557
More like a bunch of amateurs didn't expect their virus to be this successful. They were using an old exploit that has been patched months ago and doesn't infect systems behind firewalls. Probably small time crooks aiming to scam old folks. They went fishing for fishes and caught sharks with this.

Does anyone have any guide on how to disable smb1 on windows 7? All the guides that I find are for servers editon.

>>60388601
Nice pasta.

>>60388592
You mean that thing that doesn't even support FTP over SSL?

>>60388583
Wait till you find out how many critical systems we use in our daily lives are outdated piece of shits waiting for someone to knock down.

>>60388579
>SHA-256: 3530B7890C22096693FD473D8C6455B9992AC4AA400E1B8CE14D0049234C489D)
>999
>inverted 666

>>60385295
POLENTONI ATTENTI

>>60388602
[Untested, from another post elsewhere]

>To disable SMBv1 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

>To disable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled

>Notes
You must run these commands at an elevated command prompt.
You must restart the computer after you make these changes.

>To obtain the current state of the SMB server protocol configuration, run the following

cmdlet:
Get-SmbServerConfiguration | Select EnableSMB1Protocol, EnableSMB2Protocol

https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and

-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-

and-windows-server-2012

>>60387473
Oh boy, we're in for a wild ride then

>>60388629

We've already found out. I'm a Bongistanian, so we're currently affected by healthcare systems being down. Lets hope the national grid's computers don't run on Windows. I don't even want to check but I already know they do, because everyone does. It would be nice if this was a kind of nuking of shitty Windows shit and starting fresh with UNIX OSes only.

>>60388552
>outdated
There's plenty of goodies in the ShadowBrokers dump that will probably get tweaked to work against new stuff, and the mess will start all over again. Something,something, can of worms, something.

>>60385295
How does this website detect hits? What exactly do thehy represent?

Getting called into work now at 8am on a Sunday...

>>60388698
National power grid mission critical computers are almost always kept on their own network and isolated from the rest of the world. They are not going down unless a surgical virus like the iran one is made.

>>60388732
Either you're a priest or you're fucked.

>>60388537
no shit

>>60388735
>are almost always kept on their own network and isolated from the rest of the world
The NHS had airgapped devices as well, still got infected due to human stupidity.

So, I disabled SMB1 via running what >>60388691 wrote in the commond prompt and checked my 445 port on canyouuseme and it says it's disabled, am I safe now? Also, can I start qBittorrent, is it possible this virus would get spread via peers?

Imagine how many places have work issued laptops that go home with their employees and will return to work tomorrow to spread this shit.

>>60388735

I know, I know. Its still an interesting thought. I wonder how far up this thing can get. Does it basically max out at normal businesses?

File: MatthewJorysz.jpg (284KB, 900x572px) Image search: [Google]

284KB, 900x572px

>>60388761
Hey, you can be an organist as well.

>>60388790

Oh my god. This is how it fucking happened. Jesus Christ.

Continue here:

>>60388807

>>60388807

>>60388807

>>60388781
I suspect those airgapped devices are still safe. What did them in was infected systems getting onto the network and running rampant on systems.

>>60387677
Good you for having a Loonix backup.

You can usefully spend a few minutes loading a live Linux USB or even a live CD/DVD then you can safely interact with the net using your main computer and download the patch/patches you need.

Knoppix is designed as a live OS and Klaus did an impressive job:

http://www.knopper.net/knoppix/index-en.html

Also: https://www.pendrivelinux.com/

Thread reached bump limit and nearing 404, someone make a new one

>>60386262
IIRC Square Enix still requires devs to fax them their game's source code for archiving.

>>60386763
I'm surprised no one has offered up those registry entries as "Windows tweaks" on their website so normies can use them.