| From | Paul <nospam@needed.invalid> |
|---|---|
| Newsgroups | alt.comp.os.windows-xp, alt.os.windows-xp, microsoft.public.windowsxp.general |
| Subject | Re: DIRECT LINK: Windows XP SP3 WanaCry/WanaCrypt patch |
| Date | 2017-05-14 11:17 -0400 |
| Organization | A noiseless patient Spider |
| Message-ID | <of9s8a$4l2$1@dont-email.me> (permalink) |
| References | <EDHRA.55459$oF6.17013@fx26.iad> <enq0nbF8vf8U1@mid.individual.net> <of8rhg$1t0$1@dont-email.me> <e4pghch5en1ct72rgurkp3d8bvlppebd17@4ax.com> |
Cross-posted to 3 groups.
Steve Hayes wrote:
> On Sun, 14 May 2017 01:59:21 -0400, Paul <nospam@needed.invalid>
> wrote:
>
>> This one can be delivered in two stages:
>>
>> 1) Real threat arrives as an email attachment.
>> Employee clicks attachment. Weapon is armed.
>>
>> 2) Now, the malware is inside the network, on the LAN
>> side of the router. Port 445 is open on other machines
>> on the LAN, allowing a worm-like attack. So now it
>> spreads to all your machines, like it was Sality.
>>
>> This threat really isn't all that much different than
>> some other Ransomware, which can encrypt any file shares
>> that it can discover. Existing Ransomware could do a lot
>> of damage in any case. The new vector will just be
>> doing a much-more-complete exploitation. You still
>> have to do (1) to let them in.
>>
>> If you are the sole occupant of your home LAN, and
>> have half-a-clue about email attachments, your risk
>> is low. And the NAT IPV4 router you use with your broadband
>> connection should be enough.
>
>
> Thanks for that.
>
> None of the articles I've read said how it was delivered, and someone
> in a comment on Facebook said it was not delivered by e-mail
> attachment but by a backdoor.

Well, it has to get *in* somehow. And most people, by "luck"
will not have port 445 facing outwards. If you were doing
that, something probably would have happened to you over
the years anyway.

Even the router itself is not bulletproof. At one point,
there was an exploit that affected 70 different models of
home routers. The reason for that is the firmware used
was written by one company, so the same bug was present
across a broad range of products. Your router is a
computer too, and the quality of the code running in
there is just as important.

*******

A buddy at work one day, comes running over to my desk at
about 4PM in the afternoon and says "hey, I'm on someone's
hard drive [on the Internet], I can see all their
files and their email - should I email them a warning?". Now,
the first question that comes to mind is "what the hell have
you been doing?". Since I don't have time on a given day,
to discover what my fellow monkeys are up to, I had
no trouble answering "yes, of course, email them and
tell them to fix it". Was it a honey pot? My guess is,
it's someone just as stupid as my buddy :-) So if
you did connect your PC directly to the ADSL modem
(no router), and then shared C: to "Everyone", that's
what happens. If that machine was still operational today,
somewhere on the Internet, it probably has a Ransomware dialog
on the screen.
Paul
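
An added illustration, not part of Paul's post: a Python check, run over constructed `netstat -an` output, that reports whether a machine's SMB listeners (TCP 445/139) are reachable only from the LAN or from the Internet, which is the difference between sitting behind a NAT router and plugging the PC straight into the modem. The function names, sample output and addresses are assumptions made for this example; any address outside loopback, RFC 1918 and link-local space is treated as public.

```python
import ipaddress
import re

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.I)
# Assumption: simplified notion of "not Internet-routable" (RFC 1918 + link-local).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def smb_listeners(netstat_text):
    """Return (address, port) for every listening TCP socket on an SMB port."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m and int(m.group(2)) in SMB_PORTS:
            found.append((m.group(1).strip("[]"), int(m.group(2))))
    return found

def reach(bind_addr, interface_addrs):
    """Classify a listener as 'loopback', 'lan' or 'internet' reachable."""
    bound = ipaddress.ip_address(bind_addr)
    # A wildcard bind (0.0.0.0 or ::) listens on every address the host owns.
    addrs = ([ipaddress.ip_address(a) for a in interface_addrs]
             if bound.is_unspecified else [bound])
    if all(a.is_loopback for a in addrs):
        return "loopback"
    if all(a.is_loopback or any(a in n for n in LOCAL_NETS) for a in addrs):
        return "lan"
    return "internet"  # at least one public address: no NAT router in front

def audit(netstat_text, interface_addrs):
    """List (address, port, reach) for each SMB listener on this host."""
    return [(a, p, reach(a, interface_addrs)) for a, p in smb_listeners(netstat_text)]

if __name__ == "__main__":
    print("behind NAT router:", audit(SAMPLE, ["127.0.0.1", "192.168.1.20"]))
    print("direct on modem:  ", audit(SAMPLE, ["127.0.0.1", "203.0.113.7"]))
```

A "lan" result still leaves the machine exposed to stage 2 in the quoted text, where an already-infected machine on the same LAN connects to port 445.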