Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: rarestia
> Phishing and spear-phishing represent the majority of malicious exploit distributions around the world today. Despite being "shouted down" by other FReepers calling me a Microsoft fanboi, which I freely admit I am, Microsoft isn't the problem here. This is a user education issue.

No, that's not correct. The attacking software probes for SNMP v1 on listening computers and exploits the bug. There is no user involvement at all.

22 posted on 05/15/2017 6:50:38 AM PDT by palmer (turn into nonpaper w no identifying heading and send nonsecure)


To: rarestia

Sorry, that should say SMB v.1 not SNMP.


23 posted on 05/15/2017 6:53:29 AM PDT by palmer (turn into nonpaper w no identifying heading and send nonsecure)

To: palmer

SMB (over TCP 445) is not something most businesses have wide open to the Internet. There’s no evidence that the infection is spread through direct injection via SMB exposed to the Internet. The infection has to be introduced into an environment and can spread from there. If SMBv1 is available (and MS17-010 is not distributed), it makes lateral movement all that much easier.

There are 2 compromises here: SMBv1, addressed by MS17-010, and WannaCry(pt). WannaCry(pt) is your typical run-of-the-mill ransomware with logic built into it to look for SMBv1 to compromise. That’s new. Otherwise, the infection has to start by someone stupid enough to let it loose in an environment, and I stand by my original post.


27 posted on 05/15/2017 7:23:36 AM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)
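
Added example, not part of any post in this thread: a defender-side check for the two behaviours the posts above argue about, namely one internal host reaching many internal peers over SMB (TCP 445) in a short time, and attempts to reach TCP 445 from outside the network. The flow-log format, the 10.0.0.0/8 internal range, the window and threshold, and every sample record are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range

# Constructed sample records: "timestamp src dst dst_port action"
SAMPLE_FLOWS = """\
2017-05-15T07:00:00 10.0.5.40 10.0.5.10 445 ALLOW
2017-05-15T07:00:05 10.0.5.23 10.0.5.1 445 ALLOW
2017-05-15T07:00:06 10.0.5.23 10.0.5.2 445 ALLOW
2017-05-15T07:00:07 10.0.5.23 10.0.5.3 445 DENY
2017-05-15T07:00:08 10.0.5.23 10.0.5.4 445 ALLOW
2017-05-15T07:00:09 10.0.5.23 10.0.5.5 445 ALLOW
2017-05-15T07:00:10 10.0.5.23 10.0.5.6 445 ALLOW
2017-05-15T07:05:00 10.0.5.40 10.0.5.10 445 ALLOW
2017-05-15T07:06:00 203.0.113.7 10.0.5.10 445 DENY
"""

def parse_flows(text):
    """Yield (time, src, dst, port, action) for each well-formed record."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            ts, src, dst, port, action = parts
            yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(port), action

def smb_fanout(text, window=timedelta(seconds=60), threshold=5):
    """Internal hosts contacting >= threshold distinct internal peers on 445 within window."""
    per_src = defaultdict(list)
    for ts, src, dst, port, _ in parse_flows(text):
        if port == 445 and src in INTERNAL and dst in INTERNAL:
            per_src[src].append((ts, dst))  # denied attempts count too
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        start = best = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide the window forward
                start += 1
            best = max(best, len({d for _, d in events[start:end + 1]}))
        if best >= threshold:
            alerts[str(src)] = best
    return alerts

def external_smb(text):
    """Attempts to reach TCP 445 from outside INTERNAL, with the firewall action."""
    return [(str(s), str(d), a) for _, s, d, p, a in parse_flows(text)
            if p == 445 and s not in INTERNAL]
```

On the sample, the workstation that repeatedly talks to one file server is not flagged, while the host that touches six peers in five seconds is.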
