Virus/Ransomware General

Thread replies: 28
Thread images: 2

File: Abraxas1170_payload.png (5KB, 720x400px)
With all the ransomware going around with WannaCry and Petya, I figured this would be a good thread.
Things to ask:
>Where can I get [Virus]?
>What can I do to protect myself from [Virus]?
>What is [Virus] programmed in?
>What systems does [Virus] affect?
>How can I stop [Virus] if it is on my computer?

Now, a question I have is: Is there a way to infect a machine you don't care about, say a VM, with the Petya ransomware so you can break it down and examine it?
>>
>>61131686
fuck off
>>
>>61131686
yes, and somebody already has.
https://www.youtube.com/watch?v=vtDgA_aasfc
>>
>>61131700
Thank you for this intelligent and helpful post.
>>
>>61131686
install gentoo
>>
>>61131686
obligatory 'this doesn't affect linux, right?'
>>
>>61131686
Petya/NotPetya/etc. is not ransomware. It is a wiper that was probably designed by Russia to attack Ukraine.

If you get infected your data is gone. Load a backup or something.

You avoid getting infected by keeping your Windows machine patched or by using an operating system that doesn't have security by obscurity as a principle of its security strategy.
>>
>>61131779
Ransomware exists for every major OS. There's no cure for stupidity.
>>
>>61131686

>>Where can I get [Virus]?
From being stupid and not having an ad blocker.

>>What can I do to protect myself from [Virus]?
Have backups
Don't execute programs you don't trust

>>What is [Virus] programmed in?
C, ASM
Read Hacking - The Art of Exploitation

>>What systems does [Virus] affect?
Whatever system the virus targets

>>How can I stop [Virus] if it is on my computer?
Don't even try. Reinstall OS. Restore backups.

>Now, a question I have is: Is there a way to infect a machine you don't care about, say a VM, with the Petya ransomware so you can break it down and examine it?
Do it in a VM and take snapshots so you can always go back to a pre-infection stage
Relevant: https://xkcd.com/350/
>>
Where can I get these viruses? Serious question, I actually want to download them, where can I?
>>
>>61133663
>From being stupid and not having an ad blocker
Heh, I assume your knowledge of this particular virus is very limited. Although, the 'being stupid' is mostly correct.
>>
>>61135055
There was a forum somewhere made to research these viruses, but I can't remember the name.
>>
>>61135124
at some point, someone has to fuck up

and the fuck up is usually from either ineptitude, laziness or some other form of idiocy. I'd say being stupid is a pretty good explanation.
>>
>>61135055
>>61135140
Maybe this. I don't know shit about programming though.
http://vxheaven.org/
>>
File: angry_pepe.jpg (40KB, 900x900px)
I'm working in a huge German company and they just started randomly firing people, 300+. Me included. I saw that NotPetya fucks big companies around the world. Where do I get this? I want to fuck those idiots up like they did to us. Can someone help an Anon? I will show you and post everything with timestamps if this shit goes down here.
>>
>>61135947
Do you want a link to that ransomware?
>>
>>61135969
Something like that
>>
>Where can I get [Virus]?
I have a public email address, I can usually get virus du jour from its inbox, and confirm identity by uploading to virustotal. There are online depositories but I'm not naming them here.

>What can I do to protect myself from [Virus]?
Common Sense 2017. Still not a meme

>How can I stop [Virus] if it is on my computer?
No idea, never happened to me. Wipe and restore from backups?
>>
>>61131779
says who? Western Media? Might as well be the USA trying to put the blame on Russia, as fucking always.
>>
>>61136020
I have it but you're going to have to put $5 in my paypal :^)
>>
>>61131704
Quality channel, thanks.
>>
>>61136142
>says who?
researchers who have taken the code apart and seen it is practically identical to Shamoon, which was a massive attack on US computers in Saudi Arabia following Stuxnet
>>
>>61131686
Read the Malwarebytes blogs and Kaspersky labs, they explain lots about malware analysis.
Many malwares employ some tricks to avoid being loaded in a VM or debugger, you'll have to work around them.
VM exploits that actually work on modern VM hosts are rare, though certain Stuxnet variants use them.
If you disable the MsMpEng thing you may be able to analyse the exploit/logic for Petya/NotPetya, but it seems not to be an easy malware to analyse by far. Start with the more amateur ones (this is all on the blogs).
>>
>>61131779
>security by obscurity
lol wtf is wrong with winblows. That's an InfoSec 101 no-no. Wouldn't be surprised if MS servers store their admin passwords in plaintext.
>>
>>61133663
>Don't even try. Reinstall OS. Restore backups.
Hashcat can bruteforce some weaker hashes. Need a couple hundred GPUs though.
>>
K
>>61135947
S

Dumb toddler.
>>
>>61131686
>Where can I get [Virus]?
port 445 gaping, if you're in an office space I would worry about Active Directory too
>What can I do to protect myself from [Virus]?
close said port, try emet, hope for the best or just install GNU/Linux
>What is [Virus] programmed in?
C/C++ is my guess
>What systems does [Virus] affect?
any Windows system that's neglected to install the March patch
>How can I stop [Virus] if it is on my computer?
u cant :)))))
>>
>>61135947
virustotal like in vid
This is a 4chan archive - all of the content originated from that site.
This means that RandomArchive shows their content, archived.