Daily stuffs

Postby The_Un1que » 16 May 2017 12:16

Don't know if we already have some kind of topic regarding daily news, information and discussions, so I opened a new one.

Would like to start with this weekend's top case in the IT world - WannaCry ransomware malware :)

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html
http://www.ibtimes.co.uk/telefonica-hack-ransomware-attack-internal-network-forces-computer-shut-down-1621350

Anyone of you had any issues with the same?

In my case, I was lucky this time since all servers (Enterprise customer) were up to date with the latest MS updates.... O:)

Re: Daily stuffs

Postby Brati007 » 16 May 2017 20:13

1) use backup from other server
2) profit ?

Is this not only going for Windows-based customers? Furthermore, I doubt they got more than one crypting code, ez to crack.

Re: Daily stuffs

Postby Paris_Hilton » 16 May 2017 20:47

My GF has not updated her Win7 since 2014.... DansGame

Re: Daily stuffs

Postby Xen » 16 May 2017 22:22

Didn't this only affect people who were dumb enough to download a spam email attachment?

Re: Daily stuffs

Postby Dr_Starfart » 17 May 2017 05:58

Xen wrote: Didn't this only affect people who were dumb enough to download a spam email attachment?

No, it was infecting other devices on the network by a Windows security backdoor. Meaning that if you take your infected home laptop to school, it would infect other laptops at school.

Re: Daily stuffs

Postby Dr_Oolen » 17 May 2017 08:40

But what was the mechanism of getting ur shit infected? You had to do something, didn't you? Or how precisely does that shit work these days?

Actually, I'm interested in this on a very general level.

Re: Daily stuffs

Postby Thoryk » 17 May 2017 08:49

troolenhardy wrote: But what was the mechanism of getting ur shit infected? You had to do something, didn't you? Or how precisely does that shit work these days?

Actually, I'm interested in this on a very general level.


In the current case: an unpatched system gets infected and spreads the infection further. Ways to get infected: over the local network (Windows filesharing service - SMB) or by opening some funny email attachments.

Generally: use an outdated browser, don't patch your operating system, install every shit you can find on the interwebs, open *.pdf.exe files, ...

Re: Daily stuffs

Postby The_Un1que » 17 May 2017 09:09

What Thoryk is saying is correct.
SPAM mails, mail attachments including a free Dubai ticket, internet site ads, fake antivirus and malware programs... any of these might have this ransomware inside.
The biggest problem here was that it takes only one infected person, and then it spreads easily over the network using a backdoor, or let's call it a fail inside Windows systems that still have SMB 1.0 active.
The latest March 2017 security monthly included this fix for SMB, but if your environment has at least one server or computer which isn't properly patched, you can be at risk of having your file shares and other devices infected.
Brati asked about backup options. Yes, they might help, but imagine having an enterprise environment with an infected file share (like 20TB of files)... it takes days to get all the files back to normal. Also, user computers are mostly not backed up daily or weekly, so all private storage on the hard drive can be forgotten (in most cases).

Re: Daily stuffs

Postby Thoryk » 17 May 2017 09:26

I store all my important files on my local Linux "server", including mail, images, documents and so on. Every night storeBackup runs there, creating an incremental backup on my USB HDD. For the private sector, this should be enough :)

Re: Daily stuffs

Postby Dr_Oolen » 17 May 2017 09:56

I guess I was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to-be-infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that I like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

Re: Daily stuffs

Postby Paris_Hilton » 17 May 2017 22:48

Thoryk wrote: I store all my important files on my local Linux "server", including mail, images, documents and so on. Every night storeBackup runs there, creating an incremental backup on my USB HDD. For the private sector, this should be enough :)

What if I come to your home and infect the shit out of ur HDD with ma hammer

Re: Daily stuffs

Postby peregrine » 18 May 2017 01:05

troolenhardy wrote: I guess I was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to-be-infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that I like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

The exploits used: https://en.wikipedia.org/wiki/EternalBlue and https://en.wikipedia.org/wiki/DoublePulsar

Every service, in this case SMB, has open ports. The services read and interpret the data they get on those ports. If you fuck up reading the data, i.e. not handling code that is malformed in the right way, you can get remote code execution. Meaning the attacker can run his code on the server. For example, opening a shell or downloading the worm itself. And then they can do shit on your PC. And since it's a worm, it distributes itself on the network further.

So the worm is sneaking code into your PC and then downloading and running the worm itself.

Re: Daily stuffs

Postby The_Un1que » 22 May 2017 15:12

Was curious how many people paid for the decryption key with Bitcoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

Re: Daily stuffs

Postby Paris_Hilton » 22 May 2017 15:28

The_Un1que wrote: Was curious how many people paid for the decryption key with Bitcoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

wait for bitcoin to take more value >:D

Re: Daily stuffs

Postby Xen » 22 May 2017 17:11

I expected more people to pay

Re: Daily stuffs

Postby The_Un1que » 23 May 2017 09:35

Anyone from Manchester?

Again same shits....

http://www.mirror.co.uk/news/uk-news/ma ... o-10478842



Re: Daily stuffs

Postby Xen » 23 May 2017 12:51

I'm sure that's going to help Labour this election Kappa

Re: Daily stuffs

Postby The_Un1que » 23 May 2017 18:14

Xen wrote: I'm sure that's going to help Labour this election Kappa


:sealdier: