Ransomware fear-flinger Uiwix fails to light A ransomware variant, dubbed Uiwix, that abuses the same vulnerability as WannaCrypt has turned out to be something of a damp squib. Uiwix omits the kill switch domain that was instrumental in shutting down the spread of WannaCrypt while retaining its self-replicating abilities, Danish security firm Heimdal Security warned on …
How do you "run an exploit manually" ? Does that mean remote command of an infected computer ? How do you do that without getting traced ?
In any case, it seems that the Uiwix crew let the creature out of the barn a bit too soon. Yet, it's hopefully already too late because, if it uses the same attack vectors as WannaCrypt, well those are getting patched up right now, so it would've been a damp squib anyway. Right ?
How do you "run an exploit manually"
Either do the port-scanning yourself an then try to run the exploit against any exposed port 445 that you see or write a script that does it.
The difference is that the wc version had that capability built-in so the cracker only needed to get one vulnerable host per network for it to spread. Since this latest version doesn't appear to have the code to do that scanning & exploiting itself, then the cracker needs to wait until they have an infection before (presumably) using the tor control channel to manually scan and infect vulnerable machines.
Which means a much-much lower rate of spread, since each infection has to be done manually.
And I find your faith in the likelihood of patches being applied quite.. touching.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
