Daily stuffs

Posted: 16 May 2017 11:16
by The_Un1que
Don't know if we already have some kind of topic regarding daily news, information and discussions, so I opened a new one.

Would like to start with this weekend's top case in the IT world - WannaCry ransomware malware :)

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html
http://www.ibtimes.co.uk/telefonica-hack-ransomware-attack-internal-network-forces-computer-shut-down-1621350

Anyone of you had any issues with the same?

In my case, I was lucky this time since all servers (Enterprise customer) were up to date with the latest MS updates.... O:)

Re: Daily stuffs

Posted: 16 May 2017 19:13
by Brati007
1) use backup from other server
2) profit ?

Is this not only going for Windows-based customers? Furthermore, I doubt they got more than one crypting code, ez to crack.

Re: Daily stuffs

Posted: 16 May 2017 19:47
by Paris_Hilton
My GF has not updated her Win7 since 2014.... DansGame

Re: Daily stuffs

Posted: 16 May 2017 21:22
by Xen
Didn't this only affect people who were dumb enough to download a spam email attachment?

Re: Daily stuffs

Posted: 17 May 2017 04:58
by Dr_Slartibartfart
Xen wrote: Didn't this only affect people who were dumb enough to download a spam email attachment?

No, it was infecting other devices on the network by a Windows security backdoor. Meaning that if you take your home infected laptop to school, it would infect other laptops at school.

Re: Daily stuffs

Posted: 17 May 2017 07:40
by Dr_Oolen
But what was the mechanism of getting ur shit infected? You had to do something, didn't you? Or how precisely does that shit work these days?

Actually, I'm interested in this on a very general level.

Re: Daily stuffs

Posted: 17 May 2017 07:49
by Thoryk
troolenhardy wrote: But what was the mechanism of getting ur shit infected? You had to do something, didn't you? Or how precisely does that shit work these days?

Actually, I'm interested in this on a very general level.


In the current case: an unpatched system gets infected and spreads the infection further. Ways to get infected: over the local network (Windows filesharing service - smb) or by opening some funny email attachments.

Generally: use outdated browser, don't patch your operating system, install every shit you can find on the interwebs, open *.pdf.exe files, ...

Re: Daily stuffs

Posted: 17 May 2017 08:09
by The_Un1que
What Thoryk is saying is correct.
SPAM mails, mail attachments including a free Dubai ticket, internet site ads, fake antivirus and malware programs.... all of these might have this ransomware inside.
The biggest problem here was that you only need one person to be infected, and then it easily spread out over the network using a backdoor, or let's call it a fail inside Windows systems that still have SMB 1.0 active.
The latest March 2017 security monthly included this fix for SMB, but if your environment has at least one server or computer which isn't properly patched, you can be at risk of having your file shares and other devices infected.
Brati asked about backup options. Yes, they might help, but imagine having an enterprise environment that has a file share (like 20TB of files) infected... this takes days to get all the files back to normal. Also, user computers are mostly not backed up daily or weekly, so all private storage on the hard drive can be forgotten (in most cases).

Re: Daily stuffs

Posted: 17 May 2017 08:26
by Thoryk
I store all my important files on my local linux "server", including mail, images, documents and so on. Every night storeBackup runs, creating an incremental backup on my usb hdd. For the private sector, this should be enough :)

Re: Daily stuffs

Posted: 17 May 2017 08:56
by Dr_Oolen
I guess I was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

Re: Daily stuffs

Posted: 17 May 2017 21:48
by Paris_Hilton
Thoryk wrote: I store all my important files on my local linux "server", including mail, images, documents and so on. Every night storeBackup runs, creating an incremental backup on my usb hdd. For the private sector, this should be enough :)

What if I come to your home and infect the shit out of ur hdd with ma hammer

Re: Daily stuffs

Posted: 18 May 2017 00:05
by peregrine
troolenhardy wrote: I guess I was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

The exploits used: https://en.wikipedia.org/wiki/EternalBlue and https://en.wikipedia.org/wiki/DoublePulsar

Every service, in this case SMB, has open ports. The services read and interpret the data they get on those ports. If you fuck up reading the data, i.e. not handling code that is malformed in the right way, you can get remote code execution. Meaning the attacker can run his code on the server. For example, opening a shell or downloading the worm itself. And then they can do shit on your PC. And since it's a worm, it distributes itself on the network further.

So the worm is sneaking code into your pc and then downloading and running the worm itself.
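
The mechanism described in the post above, as an added illustration that is not part of the thread and is not the actual SMB flaw: a listening service that parses a length field chosen by the sender, first without checks and then hardened. The wire format, `struct request`, `REQ_NAME_MAX` and both function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format (hypothetical, not SMB):
 *   byte 0     message type
 *   bytes 1-2  payload length, big-endian, chosen by the sender
 *   bytes 3..  payload */
#define REQ_NAME_MAX 16

struct request {
    uint8_t type;
    char    name[REQ_NAME_MAX + 1];      /* fixed-size destination */
};

/* UNSAFE: trusts the sender's length field. A declared length above
 * REQ_NAME_MAX makes memcpy write past req->name; a length above the
 * bytes actually received makes it read past buf. No user action on
 * the receiving machine is involved, only the service reading data. */
int parse_unsafe(const uint8_t *buf, size_t received, struct request *req)
{
    (void)received;                      /* never consulted: that is the bug */
    size_t len = ((size_t)buf[1] << 8) | buf[2];
    req->type = buf[0];
    memcpy(req->name, buf + 3, len);
    req->name[len] = '\0';
    return 0;
}

/* HARDENED: every field is checked against what was received and
 * against the destination size before any copy. Returns 0 or -1. */
int parse_checked(const uint8_t *buf, size_t received, struct request *req)
{
    if (buf == NULL || req == NULL || received < 3)
        return -1;                       /* header incomplete */
    size_t len = ((size_t)buf[1] << 8) | buf[2];
    if (len > received - 3)
        return -1;                       /* claims more than was sent */
    if (len > REQ_NAME_MAX)
        return -1;                       /* would overflow req->name */
    req->type = buf[0];
    memcpy(req->name, buf + 3, len);
    req->name[len] = '\0';
    return 0;
}
```

Patching replaces code like the first function with code like the second, which is why unpatched machines stay exposed to anything that can reach the service's port.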

Re: Daily stuffs

Posted: 22 May 2017 14:12
by The_Un1que
Was curious how many people paid for the decryption key with Bitcoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

Re: Daily stuffs

Posted: 22 May 2017 14:28
by Paris_Hilton
The_Un1que wrote: Was curious how many people paid for the decryption key with Bitcoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

wait for bitcoin to take more value >:D

Re: Daily stuffs

Posted: 22 May 2017 16:11
by Xen
I expected more people to pay

Re: Daily stuffs

Posted: 23 May 2017 08:35
by The_Un1que
Anyone from Manchester?

Again same shits....

http://www.mirror.co.uk/news/uk-news/ma ... o-10478842


Re: Daily stuffs

Posted: 23 May 2017 11:51
by Xen
I'm sure that's going to help Labour this election Kappa

Re: Daily stuffs

Posted: 23 May 2017 17:14
by The_Un1que
Xen wrote: I'm sure that's going to help Labour this election Kappa


:sealdier: