IT'S NOT OVER

Malware researchers have identified a new version of the ransomware Wannacry which comes without the killswitch. Hundreds of computers keep getting infected every minute as we speak. Pic related, green dots are the new infections in the last minute or so.

east coast confirmed for retards.

Site to monitor in real time:
intel.malwaretech.com/pewpew.html

Look for 'wcrypt'.

Wcrypt seems to be hitting Europe, Russia, and China the hardest

So can we expect microsoft to release a security update outside of the monthly patch day?

>It's Happening!

>that feel when Y2K was 17 years late

The problem is windows update often fails, many people with updates turned on will see this if they look at their update history.

No, the problem is that in Russia and Asia in general, lots of big businesses are running on pirated versions of Windows that have no updates available whatsoever.

Just to be clear the MS update and other fixes still work right? This is merely another more aggressive version without the weakness to turn it off.

Basically this is all as planned like Cash 4 Clunkers for PCs but you just get fucked in the ass.

The patch that fixed the main exploit has been out since april.

But my Windows PC keeps itself up to date out of the box.

That's hilarious

friendly reminder

that's actually true; don't know about businesses but almost every home user uses cracked windows or is upgraded to botnet10

>No, the problem is that in Russia and Asia in general, lots of big businesses are running on pirated versions of Windows that have no updates available whatsoever
There are even windows 10 users getting infected due to windows update being sloppy.

>Not patching your Winblows when MS released the patches in March to kill NSA's zero days

SASUGA WINBLOWS USERS

botnet10 updates perfectly for me and every cracked windows worth their salt should be cracked in a way which enables windows updates.
only fucking russians download pre-cracked .iso which uses outdated KMS servers or something which prevents updates.

It's weekend, user. Most sysadmins are not working.

what do pirated versions of windows have to do with no updates being available

i use one and i still can update without problems
and it's more likely that windows update died instead of it being somehow the fault of a pirated version

I have an original windows and I've been suffering trying to update it fully for the last few days. updates keep failing, and then reverting takes at least an hour. Fucking windows, now I gotta apply them one by one to see which one is causing problems because god forbid they get installed separately so wangblows reverts all 30 of them instead of the one that's causing problems.

Can anyone post the exact update from MS in order to prevent Wannacry?

I disabled updates when MS pushed telemetry from w10 into w7. I don't want to enable that

>WU hangs forever
>end up turning off smb1 and manually download the march update roll
>now WUSI is hanging doing the same thing

nice update service, really makes me wonder why i didn't let it run auto in the first place

>WU tangs forever

yes i know the copies can use windows update
i meant that everybody uses an unlicensed copy

Don't need NSA zero days, if you get the company to build a back door

The Apple Macbook Pro with TouchID doesn't have this problem.

Just download the appropriate security update or disable smb v1 yourself, is it that hard to do?

Cost me less than 5 minutes

> typical fleshwaste fucking Sup Forums import

Go and fucking google it you dense cunt, you have no place on Sup Forums

>is it that hard to do?
You're on Sup Forums - AMD Vs Intel. What the fuck do you expect?

I actually did google it

will smb1 being shut off be enough? i dont have the patch and it'll probably take my PC 24hrs+ to finish checking for updates so I can then install it.

>appropriate security update

WHICH ONE, NO ONE EVER SAID IT

People only say just enable updates

...

They will never get Australia,

Our internet is too slow

AYY AHAHAHAHAHAHAHAHAHAHA

disable smb1, block port 445, a quick google search will tell you how

So what exactly has been happening? I haven't seen much news lately apart from the NHS getting ransomware on their system. What is wcrypt and what's it do? Should I be worried?

nice try Kaspersky nobody is going to buy your crapware anyway you fucking scams

Fuck you shill, Windows Update keeps failing, useless piece of shit. I should've listened to Linux shills.

The biggest ransomware attack in history. Hundreds of thousands of computers affected worldwide.

How will I know if I got it? Is it like a typical pic related that will pop up?

you do realise that means prebuilt garbage?

Saudi Telecom Company has fallen. Stupid sandniggers.

even if it's not prebuilt. it's entirely reasonable to see this. Every house in the world already has a computer, the market is saturated. Tablets that have only existed for a few years are already seeing declining sales

Smartphones will see the same shit in the future

How come so many people have port 445 open?

What do they need it for?

...

yup if you have it you'll get that popup, most likely after it forces a restart.

Three ways to get it:
>Someone uses a remote execution exploit to put it on your machine and run it, (if you are fully patched and not running XP/2003/Vista then this is unlikely but not impossible)
>Someone on your local network gets it and it jumps around the network (Only works in networks with SMB 1 enabled which is only needed if there are XP/2003 systems still around)
>You get a dodgy email and run it yourself by opening the attachment

They use SMB1 to share files between company computers.

I disabled smb1 by going into control panel, programmes, turn on or off windows features, then unchecked the smb1 box


Do you reckon that'd work? Cause I see people posting commands to run to disable it

What about home computers, i seriously doubt normies even heard of smb1, let alone use it?

...

What the fuck's up with japan? Are our baka gaijin malware not good enough for them?

>australia not getting infected
feels good

There's one, but really they still use fax machines to communicate.

Windows 8.1/10 and Server 2012 R2/2016 included the option within the Features list as you describe.

The commands work on all versions (except XP/2003) but are really only needed for Vista-8 or 2008-2012 as there's no GUI option

Unless they run XP at home, their system will be using whatever SMB version was included in the OS or the lowest compatible with others on the network (SMB2 = Vista/7 and SMB3 = 8/10)

SMB only matters for it spreading, not the initial infection.

If it pops up it is already too late

>Pic related, green dots are the new infections in the last minute or so.
no you dumb fuck.
that's an old variant. because only old variant is sinkholed.

OP we will need a source on that, seeing nothing about any new variant, only warnings that a new one is inevitable at some point

The funny thing is that the old variant is still popping up.

So you know these are people who deliberately got themselves infected because the old variant's SMB infection vector has been neutralised already.

This is like watching fucking Die Hard 4.

trump supporters kek.

need another update, so it can bypass the bugfix too.

motherboard.vice.com/en_us/article/round-two-wannacry-ransomware-that-struck-the-globe-is-back

>sir, i am calling from windows, sir! u have a wirus in your pc computer sir! what is this sir, wot u did to my wondows pc sir oh dear vishnu, sir, my supervisor is going to murder me sir

i hope every call-scamming curry nigger gets this shit on their computers

>The funny thing is that the old variant is still popping up.
they're fine. right now you're observing just new connections made to killswitch which is sinkhole too. that means they get infected but nothing is encrypted.

Oh hey! an email from a random person with no text, but asks me to click a link?
Everything is coming up Millhouse!

The real cyberarmageddon will come once Intel ME is cracked (or keys to it are leaked). Once that happens, the only way to thwart the vulnerability will be to unplug all Intel systems (and wrap them in tinfoil if they have built-in radios).

I wonder if the new variant can be sinkholed and monitored?

IIRC it doesn't ping the "killswitch" domain. How could it be monitored if all external connections it makes are opportunistic SMB ones on the LAN?

>implaying it's not cracked already

The intelligence agencies just sit on it because it's too big a trump card to use unless absolutely needed.

>pirated versions of Windows that have no updates available
You are a retard. Pirated Windows updates just fine you retard.

The patches were made in February actually (even those for XP/2k3/8.0). Those for still actively supported systems were publicly released in March, while the rest was only made available to third parties who pay for extended support. Given the shitstorm that happened, MS decided to make that one patch publicly available.

tl;dr: all Windows versions including XP and up are still being patched, but MS won't give patches for "out of support" systems to those who don't pay big bucks for it

Win 7 does update, but what he probably means is that there are some updates which check if it's legit win7 then if not bricks your computer, makes it boot to blackscreen iirc

>work in IT
>one client constantly whine they can't upgrade their kit because muh costs
>one XP machine still on the network
>mfw monday morning an entire school gets ransomware'd

Wrong. Port 445 is THE standard SMB port, not just SMB1.

Any Windows computer that is sharing folders on the network has 445 open.

Blocking port 445 will block all sharing of files from your computer, so if you want to share files that is not an ideal solution. Rather disable SMB1 like said because it is the old version that is only available for legacy support.

Also, as some other faggot mentioned SMB1 is the method it uses to spread once it infects a host, it can arrive through other vectors which is probably how most businesses get it because it is very unlikely it would spread from an Internet facing machine to the internal network through SMB.
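
Added example, not part of any post in the thread: a PowerShell check for the two points made above, that the SMB1 commands differ between Vista-8/2008-2012 and newer systems, and that port 445 stays open for SMB2/3 after SMB1 is off. The function name `Test-Smb1Server` is hypothetical; the registry value and cmdlets are the ones documented in the Microsoft support article linked in the thread, and English-locale `netstat` output is assumed.

```powershell
# Added example: report the SMB1 server state and, with -Disable, turn it off.
# Run from an elevated PowerShell prompt. Written to work on PowerShell 2.0+.
function Test-Smb1Server {
    param([switch]$Disable)

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $hasSmbCmdlets = [bool](Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue)

    if ($hasSmbCmdlets) {
        # Windows 8 / Server 2012 and later expose the setting directly
        $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Vista / 7 / Server 2008 / 2008 R2: registry only.
        # A missing SMB1 value means the default, which is enabled.
        $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $enabled = ($null -eq $value) -or ($value -ne 0)
    }

    $changed = $false
    if ($enabled -and $Disable) {
        if ($hasSmbCmdlets) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
            Write-Warning 'Registry change takes effect after a reboot.'
        }
        $changed = $true
    }

    # Port 445 serves every SMB version, so it normally keeps listening
    # after SMB1 is disabled as long as file sharing is on.
    $listening = [bool](netstat -an | Select-String -Pattern ':445\s+.*LISTENING')

    New-Object PSObject -Property @{
        Smb1EnabledBefore = $enabled
        DisableApplied    = $changed
        Port445Listening  = $listening
    }
}

Test-Smb1Server            # audit only
# Test-Smb1Server -Disable # audit, then disable the SMB1 server if it was on
```

This covers the SMB1 server side only; it does not check whether the security update is installed.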

Who else /hype/ for Monday crash and burn as the whole office/institute/corporation gets set ablaze due to a single infected computer spreading throughout the whole network?

...

The initial attack vector is usually different (mostly phishing email probably). Then once inside a LAN, the secondary vector being the SMB vulnerability is exploited.

I heard some researchers talk on twitter that in the case of Wcrypt, there are no samples of infected email attachments / secondary vectors found.

Some fucking whiteknights just hate fun.

so the only way to get it is to have an outdated version of windows? some of the pics look like w7 but it could be vista. fucking cheap bastards not updating their systems

Shut up. I already dread booting that shit up. My plan is pulling the network plug, backing up everything and then hoping for the best.

>tfw any coming vault7 or shadowbrokers leak could release the doomsday exploit

>tfw running Linux on my work laptop

I'll be enjoying the absolute shitshow tomorrow.

why couldn't they wait a few days until it affects millions?

It's not just SMB1 that's vulnerable though.

It doesn't matter. Anyone could have taken the original binary, edited the killswitch with a hex editor into an unregisterable domain and released the virus back in the wild. Probably already happened.

I really don't believe it could spread as wide as it has if there wasn't some standard email spreading going on.

I do believe it has been using the SMB exploit over the Internet to spread as well but the problem is that it has to go from the Internet side to the Intranet side to get on a lot of these PCs we have been seeing it on, and that's just hard to believe that so many company networks were set up in such a way that Internet facing machines can go directly to Intranet machines.
It goes against the basics of security.

Then every compromised network has at least one machine that exposes a vulnerable SMB service on the standard port directly to the internet without any sort of firewall?

>SMB2 vulnerable too

Oh fuck this is going to be delicious.

support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

Fucking symbolic links and 10GB ethernet are dependent on SMB2!

>fun

You do realize shit like this could literally lead to world war 3 if the wrong systems are affected? Or what if some nuclear power's strategic supply or production systems are impacted, and an unstable leader chimps out over this pushing the red button?

Is this the pajeet who gets syskey'd, pretends to be a rich man, and then cries when he fucks his call center up?

fucking microsoft. Seriously, get your shit together

In the early XP days there was no good way to keep windows activated, the easier way to avoid WU undoing your activation was to disable updates

Did you really think a nigger would save the world?

LAMO

Try WSUS Offline, it sometimes can unfuck WU by installing everything by itself

>You do realize shit like this could literally lead to world war 3
You're saying that as if it's a bad thing.

Current profit = 40k USD

>In the early XP days there was no good way to keep windows activated
the first pirated version to become available, came out ~25 days before release, and was the 'corporate edition', which didn't even need activation
the only reason activating home/pro was a pita, is because pirates weren't even using those

Only 1000 computers, who cares