Computer nerds explain

theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack

>Unnamed source flipped the switch
Okay then.

He set a killswitch in the ransomware to stop it from spreading if it contacted a website and the website responded. The website didn't actually exist until someone registered the domain, thus activating the killswitch.

this
the idea of the malware creator was that if someone was trying to figure out how the program worked, they would capture all of its internet usage.
if the malware tried to contact a server it knew didn't exist and got a response, it would know it was being examined and stop running, to avoid giving any details to the researcher.
unfortunately for the malware, this "hero" bought the domain it checked and set something up there. now the malware will always think it is being examined and never run.

So why is he not a hero?

Hero is a bit much. The creator could literally remove this system in under a minute and keep spreading the virus; this would only affect already-infected devices.

Also the "hero" admitted he didn't know what registering the domain would do. He just wanted it for whatever reason.

very cool and not suspicious at all

The creator is the NSA, son

people can just create a version without the killswitch and set it loose again, continuing to infect vulnerable machines

Doubtful. The NSA/CIA tools got leaked by contractors months ago. Don't you remember the whole WikiLeaks document?

it was the SMB exploit from the NSA that the ransomware uses to spread

collected info here

gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

Yes, I understand that; I was simply stating that the ransomware was most likely not created by the NSA but simply uses a leaked exploit.

And almost immediately outdated. Very sneaky.

imagine the most insanely easy to trigger killswitch you can fucking imagine

now step it up a few levels of obvious and you have this killswitch

nice virus my dude

It could easily still be a state actor either from here or abroad that set the malware loose. Having wikileaks release it to the masses gives it a kind of cover for intel agencies to continue using it and allowing others to be blamed.

So could an attack on the domain's DNS servers re-enable this virus?

I mean, DDoSing that domain and taking it down (or the DNS provider, but that's harder) would make the program think the domain is unreachable and re-enable itself, as if the domain didn't exist yet?

yes, that would work but I assume precautions have been taken by this security researcher

You know what to do, right?

please if someone is reading this and has a botnet you know what to do. Only for the lols

Which domain was it, and why did the creator leave such a kill switch open for everybody to see? How would it have worked anyway?
Why would the virus have known it was being traced if the website it was pinging didn't exist?
Could it be that it was only a kill switch and the creator intended to use it at some point anyway?

Read: basically it was not a "kill switch" to be activated later, but a weak way to prevent the program from being analyzed:
if something happened that it knew should not (a site that shouldn't exist has something there), shut the program down to prevent analysis.

site: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
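The check the posts above describe (look up a domain, exit if it answers) makes the lookup itself an indicator, and the earlier question about knocking the domain offline turns on whether that lookup succeeds. Below is an added example, not code from the thread or the linked article: it scans constructed DNS resolver log lines (hypothetical format, assumed here) for queries to the domain quoted above and separates hosts where it resolved from hosts where it did not.

```python
import re
from collections import defaultdict

# Killswitch domain quoted in the thread above (WannaCry's sandbox check).
KILLSWITCH_DOMAIN = "www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample resolver log lines in a hypothetical format:
# "<timestamp> <client-ip> <queried-name> <response-code>"
SAMPLE_LOG = """\
2017-05-12T10:01:02Z 10.0.1.15 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NXDOMAIN
2017-05-12T10:01:05Z 10.0.1.15 update.example.org NOERROR
2017-05-12T15:44:10Z 10.0.2.7 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-12T15:44:11Z 10.0.3.9 WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. SERVFAIL
2017-05-12T15:45:00Z 10.0.4.2 mail.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def classify_lookups(log_text, domain=KILLSWITCH_DOMAIN):
    """Map client IP -> [(timestamp, rcode), ...] for every lookup of the
    killswitch domain.  The lookup itself marks the host as running the
    malware; the response code says whether the check could succeed
    (NOERROR: the domain resolved) or not (NXDOMAIN/SERVFAIL: the sample
    kept running, as it would if the registered domain became unreachable)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing
        ts, client, qname, rcode = m.groups()
        # Normalise case and a trailing dot so variant spellings still match.
        if qname.rstrip(".").lower() == domain:
            hits[client].append((ts, rcode))
    return dict(hits)

def summarize(hits):
    """Split infected hosts into those where the killswitch domain resolved
    and those where it did not (the latter still need isolation and patching)."""
    resolved, unresolved = set(), set()
    for client, events in hits.items():
        if any(rcode == "NOERROR" for _, rcode in events):
            resolved.add(client)
        else:
            unresolved.add(client)
    return sorted(resolved), sorted(unresolved)
```

Any host in either list queried the domain and should be treated as infected; the split only tells you on which hosts the sample had a chance to stop itself.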

I've been searching, and the domain is some kind of MD5 hash + ".org", but I haven't found the actual domain yet. I suppose the creator tried to hide it, but with reverse engineering you can find everything.

Not only is he a hero, he's one of us.

Genius takes what nobody knows and makes it common knowledge. Kid's a genius. Thanks, England.

kek, how did u find it? I googled and didn't find anything.

>be evil hacker
>install Hollywood kill switch
Yeah nah

just saw it here: seems pretty legit

Why did the kill switch deactivate the ransomware?
Or is it a second symptom of hex-editing the program?

There is a new version without the killswitch ATM
zerohedge.com/news/2017-05-15/second-wave-ransomware-cyberattack-begins-spread-wever-never-seen-anything

Read:
the killswitch was created to protect the virus from being analysed in a sandbox by cyber defence organisations.

I think this is a side effect of editing the program, although there are versions out there that were adjusted properly, so they are working and without the "kill switch".

>ransomware
Oh noes, I'll lose GBs of pictures of good-looking women.

That supposedly already happened days ago.

UK hospitals were actually locked out of all their info. Pretty funny.

So then he's not a hero, and he'll soon be an hero.

F

So this particular piece of ransomware had an address it was pinging in order to stop. Some guy found the address and registered it.

Oh, by the way, that is exactly what the creator did. All variants of the spreading virus have this part removed.

>wikileaks release it to the masses
WRONG

You have to start over again though; systems infected with this killswitch cannot infect other systems.

Hackers let him live

>believing (((wikileaks))) isn't run by the CIA