Friday, May 12, 2017

Massive "WannaCry" malware hits Europe, Russia; Edward Snowden had found it

There are plenty of news accounts of the “Shadow Brokers” attack on many systems around the world, revealed today, hitting Spain, Russia, and the British NHS pretty hard.  Here is a New York Times story.

And the Washington Post story. The NSA has known about the vulnerability which was apparently exposed by Edward Snowden,

Microsoft updated its systems in March, but another patch is said to have been released this week. It is unclear if the latest updates Tuesday (to Windows 10, including 1703 Creator’s Update) have all the fixes. My systems updated this week and show up-to-date.

The UK NHS (single payer healthcare) infection apparently occurred with zip file attachments. But the media reports that the WannaCry malware could be spread by infected ODF files.

Webroot, in a tweet, directed me to read this Microsoft bulletin about SMB MS17-010 here. UK Computing has a story here. Infection seems much more likely through Server and through network shares; it seems less likely at home.

Timothy B. Lee of Vox has a detailed explanation here.

Update: May 13 

US-CERT's analysis of the problem.

This worm can spread from computer to computer within a network with a different user clicking on a phishing link or dangerous site.  It's not clear it can get through a firewall.

A 22-year-old programmer in Britain (or was it Indiana) disabled the current malware by buying an unregistered domain used as a pivot in the worm.

Microsoft has a new update. Windows 10 computers are not affected. However, earlier computers still running Windows 8 or earlier may be vulnerable if not updated after May 13, particularly if connected to network shares. Here is the latest I can find. I find their advice problematic; older computers do not run Windows 10 very well.

Ars Technica discusses Port 445 exposure (not requiring user interaction) here.

Update: May 16

Here's a blog post from Kaspersky about the Lazarus Group and possible ties to North Korea.

Update: May 17

Trend Micro offers a Folder Shield, which provides one more layer of protection for a designated folder, in the Data section. It also offers users with earlier Windows OS versions a way to check whether they have all the necessary patches against WannaCry.
