HOW IS THIS SPREADING?

O U T S I D E T H E L A N

All the SMBv1 patching and MS17-010 aside, no one is fucking talking about the real issue here. What does this shit use to first penetrate a local network? is it phishing or should we non-retards actually worry?


I'm not sure what you're asking user. Are you asking in the case of an airgapped machine? In that case it could be from infected physical media being run on the host.

What about a network that doesn't face the internet but has internetworked devices. Perhaps one of those devices became infected and spread through the internetwork?

Maybe the network's DMZ isn't set up, or simply does not exist. Then a device that's been outside of your network could have been infected and spread once it came into your network's green zone?

But yeah don't fall for phishing either.

Someone said the shit is generating random IPs to try to penetrate. I am scared.

blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/

you are not answering the question. learn to read. i'm not op btw

I'm asking how a computer connected to the internet would get infected. I understand the worm THEN scans and spreads across the LAN, but what is the entry point from the internet?
The point of patching up the SMB vulnerability is to prevent its spread, but your first machine will be already F U C K E D
That's what it uses to spread on the local network, using the SMB vulnerability. Just patch up and you'll prevent the local spread.

u R nOt AnSwErInG tHe QuEsTiOn, LeArN 2 rEaD

It's a file you downloaded, whether in the temp folder, loaded with the site or because you clicked on it; it probably has a fresh hash so your shitty antivirus didn't see it.

Don't spread the panic, now I'm spooked as well. I just wanted to drink my coffee in peace, but now I remembered that I dreamt that my PC got infected.

Surely I'd notice a process encrypting my entire fucking drive, using up my CPU, yeah?

AHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAHAHAHAHAHAHAHAAHAHAHAHAAHAAHAH

>I'm asking how a computer connected to the internet would get infected. I understand the worm THEN scans and spreads across the LAN, but what is the entry point from the internet?
The point of patching up the SMB vulnerability is to prevent its spread, but your first machine will be already F U C K E D

Ok, yes it was mostly phishing but I wouldn't be surprised if they used drive-by downloads too. Fuck companies that use Ad-Block blockers.

I'm seeing multiple comments saying something about opening a PDF.

Scratch that.

the usual dumb-monkey attack vector

i.e. "CLICK HERE TO WIN A PRIZE!!!"

eugenics should be law

Most time it's just phishing, running suspicious executable files from random websites and sharing the same network with morons (A.K.A. the people that would open TaylorSwiftFirstPorn.mp4.exe without ceremonies).

As a common residential user, you wouldn't need to worry, since you're probably NAT'ed by your ISP and port 445 would be unavailable/filtered anyway.

Just keep your OS updated and set up a nice firewall and everything will be fine. Antivirus is also recommended, that's Common Sense™ by itself.

Yeah that's what I thought, but still, it's hard not to be memed by all the FUD. Thanks user

everyone saying "nancy from finance" wanted to open her prize.exe, but they're forgetting one important thing:
all over the world the nancies are opening the same file in the same ~4-hour timeframe? isn't that strange? And how does this mail get through the spamfilters in the first place?

I use ubuntu gnome.. should I be worried?

are you saying all the Nancys are connected somehow in an intergalactic vampire cult. jesus, just how far does this rabbit hole go?

This. Thankfully I just dual boot W7 for gayming and have a firewall always on. Gonna patch up and disable SMBv1, but also gonna restrict my browsing just in case.

...

I USE ARCH LINUX SO I HAVE NOTHING TO WORRY ABOUT HAHAHAHA

well it's either that, or we're missing something.

Doesn't the worm just generate a random IP and connect via port 445 and run if it exists?

Just disable SMB in regedit and you're fine. I don't see what the deal is

Should I disable SMBv1 too?

I thought that was what it does after the first infection. I know nothing, just trying to make sense of it. Thought port 445 is only unprotected against local attacks.
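The posts above describe the worm's behaviour from the outside: one host reaching out to many addresses, internal and random external ones, on port 445. From a defender's side that is exactly the pattern a firewall log shows before anything else does. The script below is an added example, not from the thread: it parses Windows Firewall log lines in the pfirewall.log field layout (the lines here are constructed for the example), groups TCP/445 connection attempts by source, and flags any source that touched many distinct hosts on 445 inside a short window. The threshold, the window and the "10.x is internal" rule are assumptions for the example.

```powershell
# Added example (not from the thread): flag hosts sweeping TCP 445 the way the worm is
# described above, using Windows Firewall log lines. Log lines are constructed.
$constructedLog = @'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2017-05-12 14:02:01 DROP TCP 10.0.0.7 10.0.0.20 49211 445 52 S
2017-05-12 14:02:01 DROP TCP 10.0.0.7 10.0.0.21 49212 445 52 S
2017-05-12 14:02:01 DROP TCP 10.0.0.7 198.51.100.9 49213 445 52 S
2017-05-12 14:02:02 DROP TCP 10.0.0.7 203.0.113.77 49214 445 52 S
2017-05-12 14:02:02 DROP TCP 10.0.0.7 192.0.2.15 49215 445 52 S
2017-05-12 14:02:03 ALLOW TCP 10.0.0.12 10.0.0.5 50101 445 52 S
2017-05-12 14:02:05 ALLOW TCP 10.0.0.12 10.0.0.5 50102 445 52 S
2017-05-12 14:02:09 DROP TCP 10.0.0.7 10.0.0.99 49216 445 52 S
'@

function Find-Smb445Sweepers {
    param(
        [string[]]$Lines,
        [int]$DistinctTargetThreshold = 5,   # assumption: 5+ distinct hosts on 445 is suspicious
        [int]$WindowSeconds = 60             # assumption: measured from a source's first attempt
    )
    # Parse only TCP attempts to destination port 445; skip the header and blank lines.
    $events = foreach ($line in $Lines) {
        if ($line -match '^#' -or -not $line.Trim()) { continue }
        $f = $line -split '\s+'
        if ($f[3] -eq 'TCP' -and $f[7] -eq '445') {
            New-Object PSObject -Property @{
                Time = [datetime]::ParseExact("$($f[0]) $($f[1])", 'yyyy-MM-dd HH:mm:ss', $null)
                Src  = $f[4]
                Dst  = $f[5]
            }
        }
    }
    # One source talking to many different hosts on 445 in a short window is the signal;
    # a file server client hitting the same share repeatedly is not.
    foreach ($group in $events | Group-Object Src) {
        $sorted   = $group.Group | Sort-Object Time
        $first    = $sorted[0].Time
        $inWindow = $sorted | Where-Object { ($_.Time - $first).TotalSeconds -le $WindowSeconds }
        $targets  = @($inWindow | Select-Object -ExpandProperty Dst -Unique)
        if ($targets.Count -ge $DistinctTargetThreshold) {
            New-Object PSObject -Property @{
                Source           = $group.Name
                DistinctTargets  = $targets.Count
                # assumption: anything outside 10.0.0.0/8 counts as "outside the LAN"
                IncludesExternal = [bool]($targets | Where-Object { $_ -notmatch '^10\.' })
            }
        }
    }
}

Find-Smb445Sweepers -Lines ($constructedLog -split "`r?`n") | Format-Table -AutoSize
```

On the constructed input only 10.0.0.7 is reported (six distinct targets in eight seconds, some outside the LAN); 10.0.0.12 talks to a single server and is left alone. Against a real pfirewall.log, replace the here-string with `Get-Content`, and treat a hit as "isolate and check patch level", since the post at the top of this thread is right that the scanning host is already past the entry point.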

Or install ARCH LINUX, the distro I use, the best Linux distro, ARCH LINUX.

You clearly don't get it. It ain't that friggin hard.

Disabling SMB only protects OTHER PC'S ON YOUR LAN, but NOT your own computer from infection in the first place.

Nah, just be sure to set that value to 0 my nigga.

Better solution: INSTALL ARCH LINUX, the greatest distro (which happens to be the distro I use)

>Wincucks actually wannacry.
I heard it's a docx file that on download executes itself, but first you do have to download it so, it still boils down to nancies and grandpas

No need if you got the latest security patch from Windows Updater.

But since it's useless for most people, you can do it no problems.

...

ARCH LINUX IS BETTER THAN GENTOOFAGLINUX and everything else shut up

I have no idea what u guys are talking about lol.

All the technical jargon is lost on me :(

Please help

my lambo aint gonna get em new rims by itself you better pay or else you won't see your furry porn anymore faggot.

>computer got awfully slow
>check windows updates
>disabled, haven't updated in like a year
ahhhhhhhhh

This way: wiki.archlinux.org/index.php/installation_guide

msft.social/VIIqP4

Kind reminder that having a FLAC library is never a mistake

>the usual dumb-monkey attack vector
>i.e. "CLICK HERE TO WIN A PRIZE!!!"
>eugenics should be law
So as long as you stay to your regular sites, don't open any suspicious files etc, you should be fine?

(also python developers are good)

I dreamt about it too

>So as long as you stay to your regular sites, don't open any suspicious files etc, you should be fine?
Yes.

I have done everything - I just want to be sure.

Checked if I have KB4012215 (the Monthly Rollup and I do have it)
Disabled any Inbound Rule on Port 445 in my Windows Firewall
Turned off any Window Feature that has File sharing.
Blocked Port 445 on my router
Set DWORD SMB1 to "0"

Now, Do I have to do this to SMBv1 too?
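The checklist above (patch present, SMB1 registry value at 0, inbound 445 blocked) is the right set of things to verify, and the later posts asking "which KB" and "TCP or UDP" are asking for the same verification. Here is an added example, not from the thread or from Microsoft, that reads those three states back on a Windows 7 / Server 2008 R2 box from an elevated PowerShell prompt. It assumes the two KB numbers named in the thread, the documented `LanmanServer\Parameters\SMB1` DWORD (0 = disabled), and that direct-hosted SMB is TCP 445 (UDP 137/138 are NetBIOS, not what the exploit reaches). It changes nothing; the remediation commands are left as comments.

```powershell
# Added example (not from the thread): read-only check of the MS17-010 mitigations
# listed above. Run in an elevated PowerShell on Windows 7 / Server 2008 R2.
$results = @{}

# 1. Is either March 2017 update present? Monthly Rollup (KB4012215) contains the
#    Security Only update (KB4012212); either one carries the SMB fix.
$patchIds  = 'KB4012215', 'KB4012212'
$installed = Get-HotFix | Where-Object { $patchIds -contains $_.HotFixID }
$results['MS17-010 patch'] = if ($installed) { "installed: $($installed.HotFixID -join ', ')" } else { 'MISSING' }

# 2. Is the SMBv1 server disabled? Absent value means SMB1 is still on by default.
#    Remediation (then reboot):
#    Set-ItemProperty -Path $smbKey -Name SMB1 -Type DWord -Value 0
$smbKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$smb1   = (Get-ItemProperty -Path $smbKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
$results['SMB1 registry value'] = if ($smb1 -eq 0) { 'disabled (0)' }
                                  elseif ($null -eq $smb1) { 'value absent (SMB1 enabled by default)' }
                                  else { "enabled ($smb1)" }

# 3. Is TCP 445 still listening, and is there an inbound Block rule for it?
#    Remediation:
#    netsh advfirewall firewall add rule name="Block SMB 445 In" dir=in action=block protocol=TCP localport=445
$listening = netstat -ano | Select-String ':445\s' | Select-String 'LISTENING'
$results['TCP 445 listening'] = if ($listening) { 'yes' } else { 'no' }
$rules = netsh advfirewall firewall show rule name=all dir=in | Out-String
# Action: is the last field printed per rule, so the first Action after a LocalPort 445 line belongs to that rule.
$results['Inbound 445 block rule'] = if ($rules -match 'LocalPort:\s+445\s[\s\S]*?Action:\s+Block') { 'present' } else { 'not found' }

$results.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize
```

A box that shows the patch installed is protected against the exploit regardless of the other two lines; the SMB1 and firewall lines are the belt-and-braces for the case where Windows Update is failing, which several posts below report.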

>open up task manager
>cpu at 60% browsing Sup Forums

Tanks!

>CPU at around 20%
Feels good, man!

No. You need a better OS. TRY ARCH LINUX.

You're already protected from your LAN just fine.

>Tanks!
But also take a look at if you want to keep yourself safe in case you share your LAN with other people.

Thank you user, now I can finally sleep.

Fuck you pleb, I use FreeBSD, and it is actually running faster than gnu/loonix

>ARCH
That's not how you spell "autist"...

Make sure to restart after making the changes to the registry.

Wow aren't you a smart one?

>who needs updates durrr

which update do I have to install to avoid this?

My guess is it's actually Phishing.

It seems like it's initially been spread via phishing to get into internal systems, then, making use of the lax security internally, it spread like wildfire and just waited either for the activation call or a set time.

window fags BTFO

you seem to be correct, it starts with an exe
blog.talosintelligence.com/2017/05/wannacry.html

Close one!

But I don't think that matters anyway.

Need help with the same.

I am on Win 7 64.

What update can I manually install to be safe?

technet.microsoft.com/en-us/library/security/ms17-010.aspx

Find your OS in the list, download the update file, then perform the update and reboot.

Assuming you're on Windows 7
Check if you have either KB4012215 that was put up on March 15th or KB4012212.

The Security Only or the Monthly Rollup?

>KB4012215 didn't show up on windows update
>microsoft's download for it is down

Do I need to block 445 on TCP or UDP or Both?

I'm pretty sure that the Monthly Rollup has the Security Only update as well.

>Download KB4012212
>Try to install it
>"The following updates weren't installed: KB4012212"

You did make backups, right user?

Patch your fucking system.

This vulnerability is two months old.

It uses an exploit to shoehorn its way in and execute code remotely which then phones home and gets the malware payload sent over. Computers are not perfect. The only 100% (read 99% because there are proven ways to infiltrate and exfiltrate data from airgapped systems, employed by Stuxnet for example) way not to be hacked over the internet is not to be connected.

But wait, there's more. If you think this is spooky you'll get a kick out of the 2000+ 0days in the wild this very moment which are being used with more precision so as not to disclose their existence. Also consider that this is a relatively old exploit, not even a 0day, that was patched in March. Then consider that defense departments all over the world stockpile these exploits for offensive use by spending millions to acquire them off the darknet.

fuck this pos company. Now I can't even update....

No.

>3ds

en.wikipedia.org/wiki/.3ds

seriously if you're affected you should kill yourself

fake and gay
this ransomware uses the language of the system, and this is clearly germany

Ah right, forgot about that. But wouldn't it just encrypt both?

>all 160,000 images of my porn & anime collection get encrypted
>all 10,000 flac files of my music collection are safe
Holy shit it's fucking nothing

oh shit nevermind the text is actually in german
legit and straight then

It's true, there are articles all over and an official statement from the train company.

deutschebahn.com/de/presse/pressestart_zentrales_uebersicht/14176018/h20170513.html

>too paranoid to install windows updates
>too stupid to avoid clicking on obvious phishing bait
>too poor to buy a Mac

Sup Forums in a nutshell.

Afaik, no, if you're not running wine there shouldn't be any need to worry, just don't start downloading LEFUNNYMEME.jpeg.mp4.exe

It will, yeah.
It just targets popular workstuff extensions.

Obviously a normal user with backups won't pay, but they're after companies with crucial data that would rather pay $300 than lose them.

I looked it up.

>Monthly Rollup
support.microsoft.com/en-us/help/4012215/march-2017-security-monthly-quality-rollup-for-windows-7-and-2008_r2

>Security Only
support.microsoft.com/en-us/help/4012212/march-2007-security-only-quality-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1

The only difference I see is MS17-006 Security update for Internet Explorer

You should be good if you got either one at the time.

i also was thinking that it looks fake, and then i saw the taskbar and that the time was right.

>files get encrypted
and nothing of value was lost.

i feelbadman for all the people with important data on their systems. Banks and whatnot NEVER get updated.

guys i think microsoft update is out of slots due to everyone updating at the same time.

I just downloaded the other one I was missing.

Download does not work....

For whatever reason I have neither of these installed, they don't show as available updates and they aren't hidden either.

F

Are you sure?
Check Windows Update > View Update History

Apparently it's from an exploit called eternal blue.

THANKS NSA!

I have the March preview but not the whole thing installed, this makes no sense

Now I downloaded KB4012215, and it still gives me the same error.
I'm better off unplugging the internet.

And the text in the textarea is in German so what's the issue?

You could do what this user did.

Yeah, you don't even need a virus to break your system, it falls apart by itself.