

Major Ransomware attack worldwide at the moment.


Looks like the world is being attacked by a very serious ransomware virus.

So far the UK, US, China, Russia, Spain and many more have had data held to ransom. It's called WannaCry and affects Windows computers.

The infections seem to be deployed via a worm - a program that spreads by itself between computers.

Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.

Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.

http://www.bbc.co.uk/news/technology-39901382

GerbilSoft
> That wasn't the point I was trying to make :mellow:

So what is the point, that a program running in Wine will do what it's programmed to do?

Yes, intentionally running malware in Wine can result in damage to the system in a default configuration. (Wine usually maps / to the Z: drive, so Windows programs have full access.)

This is effectively the same as telling a Linux user to run "rm -rf /" as root and then being surprised that it deletes everything. (Or, similarly, "del /s /q C:\*" on Windows as Administrator - though Administrator actually has lower access than is required to delete everything due to e.g. the SYSTEM user.)

> You are asking for much really.
> Would need to port the vulnerability into the CIFS client in the Kernel, then recompile the kernel, and... too much work.

It's a server vulnerability, not client. Samba runs as a userspace process rather than in the kernel, so exploitation would allow for root-level access.

GhostLatte
> So what is the point, that a program running in Wine will do what it's programmed to do?
>
> Yes, intentionally running malware in Wine can result in damage to the system in a default configuration. (Wine usually maps / to the Z: drive, so Windows programs have full access.)
>
> This is effectively the same as telling a Linux user to run "rm -rf /" as root and then being surprised that it deletes everything. (Or, similarly, "del /s /q C:\*" on Windows as Administrator - though Administrator actually has lower access than is required to delete everything due to e.g. the SYSTEM user.)
>
> It's a server vulnerability, not client. Samba runs as a userspace process rather than in the kernel, so exploitation would allow for root-level access.

I was trying to make the point that some Linux users fail to realize that ransomware does exist for Linux.
 

Futurdreamz
> You are asking for much really.
> Would need to port the vulnerability into the CIFS client in the Kernel, then recompile the kernel, and... too much work.

It's the same as porting anything to Linux. Even if you get it to work, everything will have to be reworked for pretty much every distribution.
 

Joom
> If only the Linux circlejerkers had this same mentality.

I already covered why this only works if you have folders from your home directory symlinked to the emulated C: drive in the Wine prefix a couple pages back. Remove the symlinks and it won't affect your shit. This video is very misleading.
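A quick audit for the point made in the two posts above (Wine's default Z: mapping of / and the home-directory symlinks inside the prefix): an added POSIX shell script, not from this thread or from the Wine project, that lists every symlink under a Wine prefix whose target resolves outside that prefix. The default prefix path ~/.wine is an assumption; pass another prefix as the first argument.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate the host paths a Windows
# program running under Wine can reach through symlinks in the prefix.
# Wine's default dosdevices/z: -> / and drive_c/users/<user>/* -> ~/... links
# are exactly the escape hatches the posts above discuss.

# Print every symlink under $1 that resolves outside $1, one "link -> target" per line.
find_external_links() {
    prefix=$(cd "$1" && pwd -P) || return 1
    find "$prefix" -type l 2>/dev/null | while IFS= read -r link; do
        # readlink -f resolves the whole chain; skip links that cannot be resolved
        target=$(readlink -f "$link" 2>/dev/null) || continue
        [ -n "$target" ] || continue
        case "$target" in
            "$prefix"/*|"$prefix") ;;                 # stays inside the prefix: fine
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Number of symlinks that leave the prefix (0 means the prefix is self-contained).
count_external_links() {
    find_external_links "$1" | wc -l | tr -d ' '
}

# Usage: sh wine_links.sh [prefix]   (defaults to ~/.wine, an assumption)
if [ "${0##*/}" = "wine_links.sh" ]; then
    find_external_links "${1:-$HOME/.wine}"
fi
```

Removing the listed links (or pointing them at directories inside drive_c) is the change the post above describes; the script only reports, it never modifies the prefix.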

GerbilSoft
> I was trying to make the point that some Linux users fail to realize that ransomware does exist for Linux.

This is Windows ransomware running in Wine, not "Linux ransomware".

I haven't seen any Linux ransomware in the wild, but of course it's possible. Ransomware usually spreads by email, and in many cases as a JavaScript file. I don't know of any Linux desktop environments that associate JavaScript files with an interpreter to allow them to run like regular programs. (On Windows, JavaScript files are associated with Windows Shell Host.)

> It's the same as porting anything to Linux. Even if you get it to work, everything will have to be reworked for pretty much every distribution.

Haven't had to do this for my ROM Properties Page plugin. Care to tell me what I'm missing?

Joom
> It's the same as porting anything to Linux. Even if you get it to work, everything will have to be reworked for pretty much every distribution.

Mm, no. Most everything is distribution independent. Different distro ≠ different OS.

> I haven't seen any Linux ransomware in the wild,

I wrote one in Bash a couple years ago (well, it was just a locker that was meant to be a PoC) that might still be floating around. There's also a few on Github.

https://en.wikipedia.org/wiki/Linux.Encoder.1

VinsCool
> So, is it safe to connect to the internet if I have all the updates installed?

Yes, again, yes. If a person has all their updates, they are safe.
 

wolfmankurd
> So, is it safe to connect to the internet if I have all the updates installed?

Also, you are likely behind a router blocking external SMB traffic, maybe even behind an ISP NAT.

Your router is your first and most important line of defence. Unless necessary, you should not forward ports through your router! Why so many NHS Trust networks accepted SMB traffic from the internet is beyond me.

I bet a lot of people are like "Ha! I've never forwarded a port in my life." If you have UPnP enabled you might as well use a Kraft Swiss cheese slice for a firewall.

I'm not sure how IPv6 would affect worm propagation. On the one hand we'd lose NAT, and routers might forward by default more, with the machines filtering LAN/WAN, but at the same time you'd be far less likely to hit a networked address...

GerbilSoft
> You would hate windows 10 because it doesn't have a security exploit required for wannakey?

Windows 10 is actually doing the right thing here, even though MSDN documents that it's not guaranteed that CryptReleaseContext deletes key pairs. (They probably changed it in Windows 10 due to too many programs getting it wrong.)

GerbilSoft
It's back, and this time it's much worse.

The Petya ransomware has been updated to use the same EternalBlue vulnerability as WannaCry, but with an added "feature": once it gets onto a vulnerable machine, it proceeds to use wmic and psexec to reuse authentication credentials to infect other machines on the network. This works even if the other machines have been patched.

As an added bonus, the Petya ransomware installs itself into the hard drive's MBR, then reboots into a fake CHKDSK process (which is actually encrypting the HDD). Once it's done, it prompts you to send $300 worth of Bitcoin in order to recover your files.
 

EthanAddict
> It's back, and this time it's much worse.
>
> The Petya ransomware has been updated to use the same EternalBlue vulnerability as WannaCry, but with an added "feature": once it gets onto a vulnerable machine, it proceeds to use wmic and psexec to reuse authentication credentials to infect other machines on the network. This works even if the other machines have been patched.
>
> As an added bonus, the Petya ransomware installs itself into the hard drive's MBR, then reboots into a fake CHKDSK process (which is actually encrypting the HDD). Once it's done, it prompts you to send $300 worth of Bitcoin in order to recover your files.

Does it affect Linux??!?! No? Windows peasants