nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
7 NSA hack tool wielding follow-up worm oozes onto scene: Hello, no need for any phish!

Silver badge

smart move

Covert infections will eventually allow the author to switch larger number of victims to ransomware mode. I guess something like it was to be expected.

3
0
Silver badge

Re: smart move

author to switch larger number of victims to ransomware mode

Or to later bundle keyboard/screen scrapers to capture bank account login details.

1
0

1Up

+1 for "That difficult second album" -- oh yes!

Nothing to do with the Second System Effect, c.f Rodney Brooks, The Mythical Man Month

5
4

Re: 1Up

"The Mythical Man Month" was by Frederick P Brooks as all El Reg readers will surely know.

9
0
Holmes

Kind of like the Darwin awards

Will the world really miss those un-patched systems with open SMB ports?

I'd be shocked if they weren't all pwned before this time, and already part of a botnet or two or three.

Maybe we are just seeing evolution on an internet scale.

8
2
Silver badge

Re: Kind of like the Darwin awards

"Will the world really miss those un-patched systems with open SMB ports?"

It would depend on what that particular installation was in charge of. Like pay roll, server containing child pornography, or a nuclear reactor.

Hard to say really.

7
0

Re: Kind of like the Darwin awards

More like culling of the weak and infirm....

XP: "I'm not dead!"

Customer: "What?"

Microsoft: Nothing -- here's your next forced update.

XP: I'm not dead!

Customer: Here -- he says he's not dead!

Microsoft: Yes, he is.

XP: I'm not!

Customer: He isn't.

Microsoft: Well, he will be soon, he's very ill.

XP: I'm getting better!

Microsoft: No, you're not -- you'll be stone dead in a moment....

// you know the rest.

16
2

Re: Kind of like the Darwin awards

Only the award looks like it should go to Windows 7, not XP. There is emerging analysis that a tiny fraction of affected machines were XP and the primary platform of preference for WannaCry was Windows 7. For instance, https://arstechnica.co.uk/security/2017/05/windows-7-not-xp-was-the-reason-last-weeks-wcry-worm-spread-so-widely/

I suspect that probably says more about the relative number of unprotected Windows 7 machines offering their SMB ports for pwnage, although it does leave a little potential kudos on the table for those who may have made a decision to continue using XP but taken sensible precautions.

12
0
Anonymous Coward

Re: Kind of like the Darwin awards

@wolfetone - I guess if un-patched systems with open SMB ports are running our nuclear reactors, then I'd better be stocking up on survival gear and freeze-dried food.

3
0
Silver badge

Re: Kind of like the Darwin awards

After August 2015 the only way to continue using a Windows 7 system was to disable automatic updates. Those who failed to do this were (almost) sure to wake up using Windows 10 at some moment before August 2016 (or later). In the light of this, it is not surprising that most infections are on Windows 7 systems. There probably are not many Windows 7 systems left in the world which are being patched on the regular basis.

0
0

Re: Kind of like the Darwin awards

Nah, try the unofficial updater built on GNU tools: wsusoffline.net

0
0
Silver badge

Re: Kind of like the Darwin awards

Nah, try the unofficial updater built on GNU tools: wsusoffline.net

Yeah - because it's such a good idea to rely on an unknown[1] 3rd-party for your system updates.

[1] Regardless whether it's built with open-source or not. That won't stop them injecting malicious updates if they chose to.

0
0
Gold badge
Unhappy

So unpatched Windows 7 or only unpatched Windows 7 running XP?

In theory this round should be tougher as most of the infectable should have been hardened.

Or maybe not

1
0
Silver badge

It ought to have a pay-load

A dialogue box that pops up every 5 minutes that says:

You stupid pillock - you still have not applied the update from Microsoft. Do you want to be owned by something really malicious ?

4
0
Silver badge
Boffin

Re: It ought to have a pay-load

Or tell me which is the security update I need to keep my system safe and which doesn't contain MS spyware.

4
1
Facepalm

What's worse?

WannaCrypt/EternalRocks style malware? Or taking a chance on Microsoft not killing all their operating systems, except Windows 10, with their beta security updates?

I do not trust MS to do anything not in their own interests. They do think they own our computers and can tell us how they want us to be using them.

4
1
Bronze badge
WTF?

Re: What's worse?

Not at all surprised, more deserved suffering for XP-tards, no sympathy or pity due!

I'd say that Microsoft is the lesser of the two evils and it's often easier to mitigate or fix their issues, basically these XP-tards should have upgraded to the far more secure Windows 7, years ago. Offensive compromise and modification can be far worse hassle to resolve that a failed update.

What should be in place for all OS's is network port filtering blocks to stop risky ports like SMB being accessible on insecure networks like the Internet or public WiFi, using NAT in a router to block all unmapped ports, and if possible IP-range white-listing of ports by a firewall in XP to further limit exposure e.g. using Ghostwall.

0
4
Anonymous Coward

.. and again ..

.. it's a Windows only problem.

Just wanted to point that out to keep all the Redmond paid voters busy. And I will keep pointing that out every. f*cking. time. it IS a Redmond only problem.

Because they usually are.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing