bit-tech.net

Old 13th May 2017, 10:53   #1
Isitari
WannaCrypt ransomware

One of the best articles so far I've read on it with links to the dissected malware to tracking it in real time.
https://www.theregister.co.uk/2017/0...nsomware_worm/

One line that particularly stands out: 'A large part of the organisation's systems are still using Windows XP, which is no longer supported by Microsoft, and Health Secretary Jeremy Hunt cancelled a pricey support package in 2015 as a cost-saving measure.'

Also it seems likely that the NHS was hit as Telefonica (a Spanish company) runs a lot of NHS comms. Telefonica staff were told to go home on Friday, shut down all the computers and not use any Telefonica based comms at all, so therefore it's quite possible it spread from them to the NHS.

Regards,

Isitari.

P.S. I hope our resident Doc is doing alright under the current circumstances.
Old 13th May 2017, 11:02   #2
Kernel
I keep seeing the mention of XP being the vector of attack, and while I agree the NHS and government have no excuses to be running massively out of date software that has no support. It's been documented that the vulnerability is present in Vista and onwards.

edit: Although thinking about it, this may be because there is no update for XP...

For anyone wanting to check whether they or their systems are safe.

For people using the following versions of Windows, make sure you have the following patches installed on your machine:
  • Windows Vista and Windows Server 2008 - KB4012598
  • Windows 7 and Windows Server 2008 R2 - KB4012212 (standalone) OR KB4012215 (update rollup)
  • Windows Server 2012 - KB4012214 (standalone) OR KB4012217 (update rollup)
  • Windows 8.1 and Windows Server 2012 R2 - KB4012213 (standalone) OR KB4012216 (update rollup). NOTE: Later security updates may incorporate and replace KB4012216. Haven't done the research on this yet.
  • Windows 10 (you can check your installed version and build by pressing Win-R and running winver)
      • Pre-version 1511 - KB4012606
      • Version 1511 - KB4013198
      • Version 1607 and Windows Server 2016 x64 - KB4013429 (OS build 14393.953). NOTE: If you have any of the following patches installed, you're good: KB4015438 (14393.969), KB4016635 (14393.970), KB4015217 (14393.1083), and KB4019472 (14393.1198). All of these replace KB4013429.
      • Version 1703 already has this update
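An added example, not part of Kernel's post and not Microsoft tooling: a PowerShell check of a machine against the KB list above. The function name `Test-Ms17010`, the version-to-key mapping and the use of the `UBR` registry value for the 14393.953 build comparison are assumptions of this example.

```powershell
# KB numbers per OS, copied from the list in the post above.
# Keys: major.minor for Vista through 8.1, build number for Windows 10.
$Ms17010Kb = @{
    '6.0'   = @('KB4012598')                  # Vista / Server 2008
    '6.1'   = @('KB4012212', 'KB4012215')     # 7 / Server 2008 R2
    '6.2'   = @('KB4012214', 'KB4012217')     # Server 2012
    '6.3'   = @('KB4012213', 'KB4012216')     # 8.1 / Server 2012 R2
    '10240' = @('KB4012606')                  # Windows 10 before 1511
    '10586' = @('KB4013198')                  # Windows 10 1511
    '14393' = @('KB4013429', 'KB4015438', 'KB4016635', 'KB4015217', 'KB4019472')  # 1607 / Server 2016
}

function Test-Ms17010 {
    param(
        [version]$OsVersion = [Environment]::OSVersion.Version,
        [string[]]$InstalledKb = @(Get-HotFix | ForEach-Object { $_.HotFixID }),
        # Update Build Revision, e.g. 953 in "14393.953"; missing on older systems (becomes 0).
        [int]$Ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR
    )
    if ($OsVersion.Major -ge 10) {
        $key = [string]$OsVersion.Build
    } else {
        $key = '{0}.{1}' -f $OsVersion.Major, $OsVersion.Minor
    }
    $result = New-Object psobject -Property @{ Os = $key; Patched = $null; Found = @(); Note = '' }
    if ($OsVersion.Major -ge 10 -and $OsVersion.Build -ge 15063) {
        # Version 1703 (build 15063) already has the update.
        $result.Patched = $true
        $result.Note = 'included in this Windows 10 release'
    } elseif (-not $Ms17010Kb.ContainsKey($key)) {
        $result.Note = 'OS not covered by the list'
    } else {
        $result.Found = @($Ms17010Kb[$key] | Where-Object { $InstalledKb -contains $_ })
        # Assumption: on 1607 updates are cumulative, so build 14393.953 or higher contains KB4013429.
        $byBuild = ($key -eq '14393' -and $Ubr -ge 953)
        $result.Patched = ($result.Found.Count -gt 0) -or $byBuild
        if (-not $result.Patched) { $result.Note = 'no listed KB found; check for a superseding rollup' }
    }
    $result
}

# Constructed samples (KB0000000 is a made-up, unrelated update ID):
Test-Ms17010 -OsVersion '6.1.7601' -InstalledKb 'KB0000000' -Ubr 0
Test-Ms17010 -OsVersion '10.0.14393' -InstalledKb 'KB0000000' -Ubr 1198
# Check the local machine:
Test-Ms17010
```

A `Patched` value of `False` means only that none of the listed KBs was found; as the post notes, a later security update may have replaced them.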
Old 13th May 2017, 11:05   #3
Isitari
Quote:
Originally Posted by Kernel View Post
I keep seeing the mention of XP being the vector of attack, and while I agree the NHS and government have no excuses to be running massively out of date software that has no support. It's been documented that the vulnerability is present in Vista and onwards.
Any Windows OS from Vista to 10 is vulnerable if March's patches were not applied.
Old 13th May 2017, 11:30   #4
Isitari
Microsoft have now released a patch for XP even if you didn't pay for the extra (very extra) long-term support.

Old 13th May 2017, 11:39   #5
Yadda
In case anyone's missed it, here's the MS bulletin with all the details:

https://technet.microsoft.com/en-us/.../ms17-010.aspx

Edit: Emergency XP patch available here:

http://www.catalog.update.microsoft....px?q=KB4012598
Last edited by Yadda; 13th May 2017 at 11:49.
Old 13th May 2017, 11:54   #6
Corky42
Can we recoup the costs from the NSA?

For anyone concerned Microsoft have released an emergency patch today for all versions of Windows from XP onwards.

Last edited by Corky42; 13th May 2017 at 12:07.
Old 20th May 2017, 18:38   #7
Isitari
Rather big update on WannaCrypt situation. Especially seems to challenge that XP was the main culprit.

https://arstechnica.com/security/201...ead-so-widely/

Old 20th May 2017, 18:53   #8
Corky42
That doesn't surprise me as the bean counters, who normally count their beans via internet connected devices, show XP with a tiny market share so 7 was undoubtedly the largest attack vector, especially as it seems many people have been avoiding updating 7 because of the inclusion of what some people see as unwanted updates.
Old 23rd May 2017, 00:51   #9
tk421
i spent the bulk of last weekend manually patching gold images and recomposing the better part of our VDI farms ... found out about it at 3:45 friday afternoon ...
Old 23rd May 2017, 00:54   #10
Anfield
Quote:
Windows 7, not Windows XP, has been the most problematic operating system during WannaCrypt's spread. A report from Kaspersky found 98% of all known infections occurred on versions of Windows 7. The 64-bit version accounted for over 60% of infections on its own.

Windows Server 2008 R2 and Windows 10 were most affected after Windows 7. In reality, XP wasn't responsible for a large portion of WannaCrypt's spread.

Researchers discovered the ransomware could work reliably on Windows 7, but it'd cause errors on XP.

The ransomware is still spreading and has affected over 416,989 systems.
http://www.nextpowerup.com/news/3610...-on-windows-7/
Old 23rd May 2017, 08:54   #11
crazyg1zm0
Quote:
Originally Posted by Anfield View Post
Saw something similar last night, seems a bunch of researchers were having a hard time getting it to behave as expected in XP environments. If what I read was correct and I understood the limited info, it would appear that SP3 on XP helped to protect XP machines due to SHA256 being used on it, whereas SP2 doesn't force the use of it.

Not sure but interesting reading.
Old Yesterday, 13:59   #12
Xir
Quote:
Originally Posted by Isitari View Post
Microsoft have now released a patch for XP even if you didn't pay for the extra (very extra) long-term support.
Yah...I'm contacting every vendor to make sure they okay the XP patch.
Most don't know as the machines aren't made anymore.