Login or register with Wargaming Account

Daily stuffs

Post things that don't have to remain secret here.
Access: Registered users (read&post) and guests (read only).

Moderators: Officer, Commander

Daily stuffs

Postby The_Un1que » 16 May 2017 11:16

Don't know if we have already some kind of topic regarding daily news, information and discussions, so I opened a new one.

Would like to start with this weekend top case in IT world - WannaCry ransomware malware :)

http://elpais.com/elpais/2017/05/12/inenglish/1494588595_636306.html
http://www.ibtimes.co.uk/telefonica-hack-ransomware-attack-internal-network-forces-computer-shut-down-1621350

Image

Anyone of you had any issues with the same?

In my case, I was lucky this time since all servers (Enterprise customer) were up to date with the latest MS updates.... O:)
  • 1

User avatar
The_Un1que

Trial
Trial
 
Posts: 637
Location: Croatia
Reputation: 531

Re: Daily stuffs

Postby Brati007 » 16 May 2017 19:13

1) use backup from other server
2) profit ?

is this not only going for windows based customers? furthermore i doubt they got more then one crypting code, ez to crack.
  • 0

"it will be way too much work for one hand" nazifish2k15
User avatar
Brati007

Member
Member
 
Posts: 3120
Location: GEMS Masterraceland
Reputation: 1188

Re: Daily stuffs

Postby Paris_Hilton » 16 May 2017 19:47

My GF has not update her Win7 since 2014.... DansGame
  • 0

User avatar
Paris_Hilton

Ex-mr sexii
Ex-mr sexii
 
Posts: 3371
Location: Land of Beer
Reputation: 598

Re: Daily stuffs

Postby Xen » 16 May 2017 21:22

didnt this only affect people who were dumb enough to download a spam email attachment?
  • 0

User avatar
Xen

Commander
Commander
 
Posts: 6623
Reputation: 3413

Re: Daily stuffs

Postby Dr_Slartibartfart » 17 May 2017 04:58

Xen wrote:didnt this only affect people who were dumb enough to download a spam email attachment?

No, it was infecting other devices on the network by a Windows security backdoor. Meaning that if you take your home infected laptop to school, it would infect other laptops at shool.
  • 1

Bois
Spoiler:
I'm still here

pics: https://photos.app.goo.gl/h9nN9zdizaYPKX6h7
User avatar
Dr_Slartibartfart

Member
Member
 
Posts: 2672
Location: Yes
Reputation: 1391

Re: Daily stuffs

Postby Dr_Oolen » 17 May 2017 07:40

but what was the mechanism of getting ur shit infected? you had to do something, didnt you? Or how precisely does that shit work these days?

Actually, im interested in this on a very general level.
  • 0

User avatar
Dr_Oolen

Officer
Officer
 
Posts: 1567
Reputation: 1555

Re: Daily stuffs

Postby Thoryk » 17 May 2017 07:49

troolenhardy wrote:but what was the mechanism of getting ur shit infected? you had to do something, didnt you? Or how precisely does that shit work these days?

Actually, im interested in this on a very general level.


In the current case: an unpatched system gets infected and spreads the infection further. Ways to get infected: over the local network (Windows filesharing service - smb) or by opening some funny email attachments.

Generally: use outdated browser, don't patch your operating system, install every shit you can find on the interwebs, open *.pdf.exe files, ...
  • 0

Thoryk
IDEAL Propaganda Minister
User avatar
Thoryk

Officer
Officer
 
Posts: 2194
Location: In Ralfs lair, serving my master.
Reputation: 2012

Re: Daily stuffs

Postby The_Un1que » 17 May 2017 08:09

Correct what Thoryk is saying.
SPAM mails, mail attachments including a free Dubai ticket, internet sites adds, fake antivirus and mailware programs....all of these might be one of having this ransomware inside.
The biggest problem here was that you can have only one person to be infected and then it was easily spread out over the network using a backdoor, or let's call it a fail inside Windows systems having SMB 1.0 still active.
Latest March 2017 security monthly included this fix for the SMB, but if you have your environment having at least one server or computer which isn't properly patched you can be at risk to have your file shares, and other devices infected.
Brati asked about backup options. Yes, they might help, but imagine to have an enterprise environment that has a file share (like 20TB of files) infected...this take days to get back all the files back to normal. Also, mostly user computers are not backup daily or weekly, so all private storage on the hard drive can be forgotten (in most cases).
  • 0

User avatar
The_Un1que

Trial
Trial
 
Posts: 637
Location: Croatia
Reputation: 531

Re: Daily stuffs

Postby Thoryk » 17 May 2017 08:26

I store all my important files on my local linux "server", including mail, images, documents and so on. Every night there runs storeBackup creating an incremental backup on my usb hdd. For the private sector, this should be enough :)
  • 0

Thoryk
IDEAL Propaganda Minister
User avatar
Thoryk

Officer
Officer
 
Posts: 2194
Location: In Ralfs lair, serving my master.
Reputation: 2012

Re: Daily stuffs

Postby Dr_Oolen » 17 May 2017 08:56

I guess i was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?
  • 0

User avatar
Dr_Oolen

Officer
Officer
 
Posts: 1567
Reputation: 1555

Re: Daily stuffs

Postby Paris_Hilton » 17 May 2017 21:48

Thoryk wrote:I store all my important files on my local linux "server", including mail, images, documents and so on. Every night there runs storeBackup creating an incremental backup on my usb hdd. For the private sector, this should be enough :)

What is if i come to you home and infect the shit of ur hdd with ma hammer
  • 0

User avatar
Paris_Hilton

Ex-mr sexii
Ex-mr sexii
 
Posts: 3371
Location: Land of Beer
Reputation: 598

Re: Daily stuffs

Postby peregrine » 18 May 2017 00:05

troolenhardy wrote:I guess i was more wondering about the level below. I can see how one can get his shit rekt via installing something, by opening some files and shit. But how does it work "passively"?

Does it literally work in a way that, say, some signal (code) is being broadcast in a network/is just randomly a part of something that some programs/processes read by default (as in - no action of user is needed for the code to be read/run) and there are "passively listening" processes on the to be infected machine and those due to their weakness will upon passively registering said code (dunno how to say it, kinda like the difference between me going through a bookstore noticing they have some cookbooks and me actually taking the book home consciously and then deliberately acting out (cooking) a particular recipe that i like and chose to do) execute some commands that will download/install the virus/malware which can then start doing its own shit?

The used exploits: https://en.wikipedia.org/wiki/EternalBlue https://en.wikipedia.org/wiki/DoublePulsar.

Every service, in this case SMB, has open ports. The services read and interpret the data they get on those ports. If you fuck up reading the data, ie not handling code that is malformed in the right way, you can get remote code execution. Meaning the attacker can run his code on the server. For example opening a shell or downloading the worm itself. And then they can do shit on your PC. And since it's a worm it distributes itself on the network further.

So the worm is sneaking code into your pc and then downloading and running the worm itself.
  • 0

User avatar
peregrine

Officer
Officer
 
Posts: 1212
Location: ::1
Reputation: 606

Re: Daily stuffs

Postby The_Un1que » 22 May 2017 14:12

Was curious how many people payed the decryption key with BitCoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This mean means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."
  • 0

User avatar
The_Un1que

Trial
Trial
 
Posts: 637
Location: Croatia
Reputation: 531

Re: Daily stuffs

Postby Paris_Hilton » 22 May 2017 14:28

The_Un1que wrote:Was curious how many people payed the decryption key with BitCoins:

"According to a bot watching the Bitcoin wallets tied to the ransomware attack, just 296 payments had been made as of Monday 22nd May, netting the perpetrators 48.86 Bitcoins -- a figure worth approximately $104,436. This mean means under 0.1 percent of victims paid up.

Considering the amount of chaos WannaCry caused -- and the high-profile nature of a truly global campaign -- a return of $100,000 is relatively low."

wait for bitcoin to take more value >:D
  • 0

User avatar
Paris_Hilton

Ex-mr sexii
Ex-mr sexii
 
Posts: 3371
Location: Land of Beer
Reputation: 598

Re: Daily stuffs

Postby Xen » 22 May 2017 16:11

I expected more people to pay
  • 0

User avatar
Xen

Commander
Commander
 
Posts: 6623
Reputation: 3413

Re: Daily stuffs

Postby The_Un1que » 23 May 2017 08:35

Anyone from Manchester?

Again same shits....

http://www.mirror.co.uk/news/uk-news/ma ... o-10478842


Image
  • 0

User avatar
The_Un1que

Trial
Trial
 
Posts: 637
Location: Croatia
Reputation: 531

Re: Daily stuffs

Postby Xen » 23 May 2017 11:51

Im sure thats going to help labour this election Kappa
  • 0

User avatar
Xen

Commander
Commander
 
Posts: 6623
Reputation: 3413

Re: Daily stuffs

Postby The_Un1que » 23 May 2017 17:14

Xen wrote:Im sure thats going to help labour this election Kappa


:sealdier:
  • 0

User avatar
The_Un1que

Trial
Trial
 
Posts: 637
Location: Croatia
Reputation: 531


Return to Public Friends' Section

Who is online

Users browsing this forum: No registered users and 6 guests


Reputation System ©'