Slashdot Mirror


New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com)

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.

EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers of its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.

Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.

Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."

115 comments

  1. This is windows calling... by Anonymous Coward · · Score: 5, Funny

    Your computer have virus.

    1. Re: This is windows calling... by thundercattt · · Score: 5, Funny

      Sure Windows, you sound legit with your Indian accent. Access as needed. O.....sorry I'm not paying. Btw, you're also locked in a virtualized Windows platform on Debian. Thanks for playing

    2. Re: This is windows calling... by Sir+Holo · · Score: 1

      Sure Windows, you sound legit with your Indian accent. Access as needed. O.....sorry I'm not paying. Btw, you're also locked in a virtualized Windows platform on Debian. Thanks for playing

      Windows is sand-boxed inside of a VM instance for me.

    3. Re:This is windows calling... by DontBeAMoran · · Score: 1

      You've got worm! - AOL

      --
      #DeleteFacebook
    4. Re: This is windows calling... by KiloByte · · Score: 1

      Windows has degraded so badly I don't think anyone competent should run it outside a VM for any purpose other than badly-made games anymore.

      On the other hand, I don't watch TV at all, nor do I play AAA games, so I'm rather ill informed about today's DRM. As for games, everything I've tried recently works fine in wine with issues restricted to details like:

      • gamepad not detected (around half of gamepad-using games, workaround: can emulate keyboard)
      • insists on the wrong monitor if fullscreen (actually less frequent than on real Windows)
      • sound gets choppy after a few hours, need to restart the game to fix (one game)

      As the above issues are way less drastic than what people say about wine, I guess that problems people have are not wine's fault but rather the result of semi-intentional sabotage by DRM that AAA junk tends to be infested with.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    5. Re: This is windows calling... by Anonymous Coward · · Score: 0

      You just sound inept and like a bit of a troglodyte. So maybe the problem is with you. After all, you are probably the incompetent factor here.

    6. Re:This is windows calling... by Anonymous Coward · · Score: 0

      Your computer have virus.

      Please to do the needful.

    7. Re: This is windows calling... by Anonymous Coward · · Score: 0

      When I read these comments it makes me ask a very legitimate question:

      Are these posters active in the workforce? Every relevant office in the world uses windows.

      Now I certainly understand if you are unemployed or retired and you only use Linux. But out here in the functional world, windows is everywhere.

      So what is it? Blatant lies or unemployed 'techies' that are not exposed to the outside world?

    8. Re:This is windows calling... by Barlo_Mung_42 · · Score: 2

      So does this one support Win10? Virus writers seem stuck in the past.

    9. Re: This is windows calling... by Doke · · Score: 1

      I've used Linux desktops and laptops for work for the last 17 years. Most of my co-workers use either Linux or MacOS. I think we have five windows users in the department. One or two others have secondary windows desktops. We mostly work with Solaris and Linux servers, or Junos routers and switches. So having a similar environment on our desktop is very useful. Windows is used in conventional non-tech business, ie banking, insurance, etc. So it's common in the 1st level tech support for those kinds of companies. It's far less prevalent in third level tech support, server support, or companies whose product is technology.

    10. Re: This is windows calling... by Doke · · Score: 1

      I also believe windows is too unreliable to run on bare metal, and should be run in a VM. If nothing else, it lets you roll back to a snapshot before a bad patch. However, Microsoft deliberately makes that difficult. It turns out every time we VMotion a Windows VM, the cpu id changes, and invalidates the OS registration. Then after a month or so, it stops working. We have to re-register it after each move. That pretty much prevents us from using VMware's dynamic balancing. We've never found a way around that limitation.

    11. Re:This is windows calling... by BlueStrat · · Score: 0

      So does this one support Win10? Virus writers seem stuck in the past.

      Wut!?

      Win10 *IS* a virus!!

      I guess it's virii all the way down. :)

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    12. Re:This is windows calling... by Anonymous Coward · · Score: 0

      Your PC is now Stoned!

    13. Re: This is windows calling... by Brockmire · · Score: 1

      Isn't paying for another license the solution? Or different windows enterprise version?

    14. Re:This is windows calling... by Anonymous Coward · · Score: 0

      You are an idiot. Proof positive that a low /. ID = a low IQ.

    15. Re:This is windows calling... by Anonymous Coward · · Score: 1

      You're right. Windows 10 isn't a virus, it's malware.

    16. Re: This is windows calling... by Anonymous Coward · · Score: 0

      we only have one windows server, which runs veeam. otherwise we have 400 or so Linux servers (bare metal or VM). our group mostly is based using terminal window or browser. only the 2 clueless guys use windows, 2 have Mac, and the rest of the group use Linux.

    17. Re: This is windows calling... by KiloByte · · Score: 2

      Are these posters active in the workforce? Every relevant office in the world uses windows.

      My last job where I interacted with any office workers (sales, accountants) ended 5 years ago. It looks like such software has mostly moved inside the browser, too, which trades local deployment problems (a nightmare!) for browser incompatibility issues (MSIE being mostly dead, this seems to be a solved issue). I'm not a web developer, either.

      And in rare cases when I have to test something on Windows, it's the very reason I keep a Windows VM! And more importantly, not just one but a whole array of them. Assuming your company has only 10, 7 and XP, you'd need three physical computers for that task (Windows is notoriously bad for having multiple versions on partitions on the same computer). I, on the other hand, just turn on the relevant VM -- often multiple ones at the same time. And when Windows inevitably fucks itself up, I revert to earlier state with a single command.

      Even in that job in the past where I wrote Windows software, I did it in VMs on a Linux host, for the above reasons.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    18. Re: This is windows calling... by AmiMoJo · · Score: 1

      There was a video on YouTube last year of a guy who managed to convince the scammer that the scammer's own PC was broken and then walking him through how to go into the BIOS and fix it. Of course, the change he made to the BIOS actually made the machine unbootable and possibly unrecoverable.

      Most of the scammers are just working from a script. They don't know anything and are easy to mess with. Must be weird doing that for a living though.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    19. Re: This is windows calling... by Zontar+The+Mindless · · Score: 1

      I haven't used Windows for work or personal reasons in about 12 years. The only exception being about a half-dozen times that I've run it in a VM to see if the Windows version of our product still compiled and ran according to the instructions.

      I am very actively employed at a global top 10 software vendor. Do you think I need to get out more?

      --
      Il n'y a pas de Planet B.
    20. Re:This is windows calling... by Hank+the+Lion · · Score: 1

      Ooh! That's an old one! Haven't seen it in the wild, but I can remember when it was doing the rounds.

    21. Re: This is windows calling... by Anonymous Coward · · Score: 0

      When I see trolls like these it makes me want to ask the very legitimate question:

      Why do people feed the troll? These childish provocative questions prove how little of a kid they are no matter how old they get.

      Going around labeling people just to be smug and ignore all logic. They make blanket statements like something doesn't exist. You just can't take them seriously.

      I can use Linux if I want or I can use Windows. I don't need to lie about OS use, and I don't need to justify my choice to some random kid online.

    22. Re: This is windows calling... by Highdude702 · · Score: 1

      Sounds like you're at the place to work, man! Lucky you. The lot of these poor saps get forced to use shitware.

    23. Re: This is windows calling... by Anonymous Coward · · Score: 0

      I love Linux. It's all I run on my house, save for my surface which is work applied. But, my money comes from Windows and on my Corp systems rarely, if ever, get malware. Know why? Because users run restricted and I keep my shit patched religiously, I run effective perimeter defenses and stay on top of it. Guess what? If the opposite were true and I ran as massive of an all Linux network...I'd be doing the same damn thing. It's what a competent sysadmin does. I patch my Linux boxes just as aggressively as windows. In my last audit, the only box out of about 250 we popped with a basic run through with armitage was a Linux machine an admin added without following protocol. I really wish windows came out of the box with limited users rights, uac helps, but this notion that you can't secure windows to the level you can secure Linux is malarkey.

    24. Re: This is windows calling... by Highdude702 · · Score: 1

      so how many times should they pay for that one install?

    25. Re:This is windows calling... by Anonymous Coward · · Score: 0

      You are both wrong! It's the Win10 Spy-Virus...spyware and malware and virus all rolled into one and masquerading as an Operating System!

    26. Re: This is windows calling... by BronsCon · · Score: 1

      What do the executives use? You know... the relevant office, as far as business is concerned.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    27. Re:This is windows calling... by Anonymous Coward · · Score: 0

      You've got worm! - AOL

      Tape worms are so last century.

    28. Re: This is windows calling... by Anonymous Coward · · Score: 0

      Yeah - windows has no way to run vms, you'd have to use physical partitions for some reason.

      Writing software IN a vm for Windows seems bizarrely painful. I get that windows has problems but keeping a clean windows system for visual studio (when I'm doing that) is simply not a problem.

      I'm skeptical people like you that seem to have trouble doing it are intelligent at all.

    29. Re: This is windows calling... by BoogieChile · · Score: 1

      > Btw, you're also locked in a virtualized Windows platform on Debian.

      You've almost got it right. You just need to add something along the lines of:

      And, just because I consider you one of my really special friends, I've got this really cool little tool tcpdump running on it and hey! Is that your IP address? Huh. I wonder what those kooky nuts over at /b/ will make of that? ...Oh, he hung up.

    30. Re: This is windows calling... by KiloByte · · Score: 1

      Yeah - windows has no way to run vms, you'd have to use physical partitions for some reason.

      Windows as a host can run VMs, but it really sucks when it comes to managing them. Even the basics you take for granted on Unix, like dd, scp, rsync, are missing, and don't work well if you try anyway. On the other hand, even without any external tools, with nothing but basic qemu+btrfs, on Linux you get thin provisioning, discard, snapshots, deduplication, O(changes) backup, and so on, out of the box.

      Writing software IN a vm for Windows seems bizarrely painful.

      It's strictly less painful than writing outside a VM.

      I get that windows has problems but keeping a clean windows system for visual studio (when I'm doing that) is simply not a problem.

      Try when an external component you're using has two versions that can't be installed in parallel, and you need the old one for some projects, and the new one for others (including preparing upgrades). On a Unix system you'd either fix the component yourself and upstream your changes, or at least install the other version in a chroot. On Windows, there's no reasonable way to do so without VMs.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
    31. Re: This is windows calling... by Anonymous Coward · · Score: 0

      They use whatever I, the administrator, tell them to use. My job is to make everything run and stay secure. When it comes to the computers and the networks, my say is final.

      If anyone, executives included, need something then they can put in a request at my office and I will consider it. That is standard procedure for the good of the company and any responsible executive knows that.

    32. Re: This is windows calling... by BronsCon · · Score: 1

      You've worked for a lot of companies, haven't you? I mean short stints with security escorts out of the building shortly after your logins stop working.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  2. NSA is busy by Anonymous Coward · · Score: 0

    ... Crafting even nastier ones as we speak.

    Maybe if we *did* something about their datacenters and the people working in them, maybe we'd have a chance before they combine this crap with IoT and finally get the dystopian kill-through-net future they've been sexually pleasuring themselves to the fantasy of for decades now.

    Preferably while all the old nukes are still running off 7 1/2 floppies and protected from these monsters setting off false flags.

    1. Re:NSA is busy by Anonymous Coward · · Score: 1, Informative

      NSA don't need to craft anything. They just have to read the memo from Microsoft to catch up on where the backdoor was moved to.

  3. The Internet's full of SMB worms by rsilvergun · · Score: 1

    Just look at Google. Terrifying, just terrifying.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  4. ooh, i am so outraged by Anonymous Coward · · Score: 1, Insightful

    Be sure to spin rhetoric about "NSA" and "CIA" freakouts harder than the actual technical details, as usual!

    1. Re:ooh, i am so outraged by Anonymous Coward · · Score: 2, Insightful

      Why shouldn't we? The technical details are not of interest to a general audience, and are already available to those who do have a vested interest.

      The bottom line, however, is that the NSA knowingly endangered the entire country by failing to disclose vulnerabilities in our digital infrastructure. The "it's not their job" argument is bullshit. They acted unethically (to put it way too mildly), and the people who pay their salaries are now being hacked because of it.

      Not cool.

    2. Re: ooh, i am so outraged by Anonymous Coward · · Score: 0

      Computers get hacked every day. But not like this. That's why it's news. You putz.

    3. Re: ooh, i am so outraged by Anonymous Coward · · Score: 0

      Oh yes they do you prolapsed anus.

    4. Re: ooh, i am so outraged by Anonymous Coward · · Score: 0

      Maybe you should stick to using the North Korean os? I here retards love it.

    5. Re:ooh, i am so outraged by ArmoredDragon · · Score: 1

      Why shouldn't we? The technical details are not of interest to a general audience, and are already available to those who do have a vested interest.

      This is slashdot, whose motto is "news for nerds". Granted, this isn't 2600, but I think getting more to the technical side is at least somewhat warranted.

      I honestly despise slashdot's articles that remain in the political realm without getting down to some kind of science or engineering (unless it's some sort of life altering event like 9/11 or something.)

    6. Re: ooh, i am so outraged by Anonymous Coward · · Score: 0

      Right, this isn't 2600, where they are so technologically illiterate that they describe physical wiring instead of providing schematics and rattle off color code bands instead of just saying what value resistor.

    7. Re: ooh, i am so outraged by Anonymous Coward · · Score: 0

      I here

      Fucking moron.

  5. The Viri by rmdingler · · Score: 1
    Though it's unlikely there are more malicious exploits out there than there have ever been, they've been getting more mainstream press.

    Why? Is there not enough information to fill the 24 hour news cycle with Trump in the US, Erdogan in Turkey, the Brexit in Europe, ad infinitum...

    Or, and I don't have the tinfoil hat on but it's out of the drawer, will these be used to somehow shunt internet freedoms as the powers that be protect us from another Boogeyman.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

    1. Re:The Viri by Anonymous Coward · · Score: 0

      will these be used to somehow shunt internet freedoms as the powers that be protect us from another Boogeyman.

      "You never let a serious crisis go to waste. And what I mean by that it's an opportunity to do things you think you could not do before." - Rahm Emanuel

      You can bet your ass that it will be. My vote is on the "mandatory code signing" crap.

      (Code signing only protects code at rest. It does absolutely nothing once the code is running and exploitable to hackers. It does however prevent people from being able to modify their own systems.)

    2. Re:The Viri by Anonymous Coward · · Score: 0

      The English plural of "virus" is "viruses." Proof right here.

      The word "Viri" is not only incorrect, it makes you look like a pretentious jackass. You are trying to sound smart and revealing your own stupidity!

      Why do you keep doing this?

    3. Re:The Viri by Anonymous Coward · · Score: 0

      Why do you keep doing this?

      Simply to annoi you.

    4. Re:The Viri by XparXnoiaX · · Score: 1

      After heartbleed, security researchers realized you could give a vuln a catchy name and a cute logo and it would get a lot more attention.

      Since being a security company is more a matter of marketing than skill (in a great many cases: look at the most popular anti-viruses), once the white hats realized that, they did it more.

      --
      Irresponsible disclosure is responsible
    5. Re:The Viri by Anonymous Coward · · Score: 0

      "Virii" is a term used as the plural of "virus" in a computer virus sense. It started back in the elite BBS days of the 80s, but you probably weren't even born then.

  6. Re:Epic coincidence by Anonymous Coward · · Score: 0

    oh yeah, i'm sure that's why it was launched

  7. Unix-based by Anonymous Coward · · Score: 0

    The current focus is on Windows vulnerabilities, but I wonder if there are Linux/*BSD/MacOS vulnerabilities of similar significance that have not made it into general consciousness. It strikes me that the NSA may have had exploits of similar effectiveness for these systems that haven't been released by Shadow Brokers or others (perhaps because they get a bigger bang by revealing Windows-based exploits).

    1. Re:Unix-based by mspohr · · Score: 1

      No.

      --
      I don't read your sig. Why are you reading mine?
    2. Re:Unix-based by Anonymous Coward · · Score: 0

      If you harden your Linux box and don't do stupid stuff you should be OK. Windows on the other hand leaks like a 98 year old prostitute.

    3. Re: Unix-based by Anonymous Coward · · Score: 0

      Same deal if you harden your Windows system and don't do reckless things.

    4. Re: Unix-based by Anonymous Coward · · Score: 0

      The only way to harden your Windows system is to never power it up.

    5. Re: Unix-based by Brockmire · · Score: 1

      Years ago, hackers leveraged Google alerts to find JBOSS servers on the Internet so they could be hacked. Hard to detect these things.

    6. Re:Unix-based by AHuxley · · Score: 1

      Depends what the staging server was used for and what was found in the wild. Everything or just Windows?

      --
      Domestic spying is now "Benign Information Gathering"
    7. Re:Unix-based by Anonymous Coward · · Score: 1

      If you only followed the news in the past month, you'd notice that Windows vulnerabilities and attack tools were only dumped just after Linux/Solaris/MacOS/Android exploit tools were released by the same group, ShadowBrokers.

    8. Re: Unix-based by Anonymous Coward · · Score: 0

      Fair point. However, many of the core W10 hardening features (virtualization based security, code integrity verification, etc.) are only available for W10 enterprise edition, and not for the home or pro editions.

  8. No word from the NSA? by Sir+Holo · · Score: 3, Interesting

    Why has the NSA, who know exactly what weaponized exploits were broadcast to the world. . . Why has the NSA not offered up any antidotes to their now-public weaponization of a bunch of sploits?

    They could swoop in and try to look like the hero here, but there's been no sign of that. Not a peep from the NSA.

    Are they just making popcorn and watching the fallout because they think they are computer GODS, enjoying watching the plebes fight all of these forthcoming worms and trojans just to get themselves off before going back to work reducing the security of the USA by continuing to develop more of the same?

    1. Re: No word from the NSA? by Anonymous Coward · · Score: 0

      'Cause there is one simple antidote - scissors brought to the Ethernet cables

    2. Re:No word from the NSA? by Anonymous Coward · · Score: 0

      Why make a virus and a cure when you can make two viruses?

    3. Re:No word from the NSA? by bengoerz · · Score: 5, Insightful

      Sure, it's just a coincidence that Microsoft released MS17-010 - a patch for multiple NSA-discovered vulnerabilities - several weeks before they were disclosed by Shadow Brokers.

    4. Re:No word from the NSA? by MSG · · Score: 4, Insightful

      I hate to interrupt a good blame fest, but every Windows computer comes with a program that downloads updates (fixes) from Microsoft and approximately zero Windows computers come with a program that downloads updates from the NSA. So how would the NSA distribute fixes, if they wanted to?

      Microsoft already released fixes, so what makes you think the NSA didn't provide the information needed to the people who are in a position to distribute fixes?

    5. Re:No word from the NSA? by Anonymous Coward · · Score: 0

      There is an antidote, patch your fcking computer.

    6. Re:No word from the NSA? by Anonymous Coward · · Score: 1

      I hate to interrupt a good blame fest, but every Windows computer comes with a program that downloads updates (fixes) from Microsoft and approximately zero Windows computers come with a program that downloads updates from the NSA.

      What if I told you... That one program does both ?

    7. Re:No word from the NSA? by AmiMoJo · · Score: 2

      They released patches for EternalBlue and related exploits AFTER the ShadowBrokers released them.

      Microsoft didn't release patches for older versions of Windows until the day after the attack on the NHS.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    8. Re:No word from the NSA? by Anonymous Coward · · Score: 0

      Why has the NSA, who know exactly what weaponized exploits were broadcast to the world. . . Why has the NSA not offered up any antidotes to their now-public weaponization of a bunch of sploits?

      They could swoop in and try to look like the hero here, but there's been no sign of that. Not a peep from the NSA.

      Are they just making popcorn and watching the fallout because they think they are computer GODS, enjoying watching the plebes fight all of these forthcoming worms and trojans just to get themselves off before going back to work reducing the security of the USA by continuing to develop more of the same?

      The real NSA doesn't give a crap what the media says.

    9. Re:No word from the NSA? by amiga3D · · Score: 2

      What really bugs me is that shit continuously leaks out of the NSA. Just pours the fuck out. What do we pay them for? I mean really what use is a spy organization that gets the fuck hacked out of it all the damn time? Billions of dollars and the secrets we pay through the nose to acquire are out for every asshole in the world to use. And not a single damn incompetent cocksucker gets fired! On 9/11 we get hit by fuckers that they knew were here, they had a report they were learning to fly but weren't interested in how to take off or land a Jumbo Jet, and no one lost their job despite one of the greatest Intel FAILS of all time. I think it's time to do something about Americas spy organizations that only seem to be fit to spy on Americans.

    10. Re:No word from the NSA? by ChumpusRex2003 · · Score: 1

      The EternalBlue patch was released on 14 March for supported OSs and for customers with custom support for older OSs. Shadow Brokers released EternalBlue on 14 April.

      EternalBlue patches for older OSs were made generally available on 15 May, 3 days after Wannacry attacks were reported on a large scale. This is despite the fact that the exploit Wannacry used for the EternalBlue vulnerability failed to work on XP due to differences in the OS.

    11. Re:No word from the NSA? by bengoerz · · Score: 1

      Correct.

      Microsoft patching older OSes that are no longer supported was a free gift. Any business running XP or Server 2003 without a custom support contract is taking a big gamble.

      I realize Slashdot loves to hate MS - and their war on Linux was good motivation - but MS really acted responsively on WannaCry.

  9. All cars always have a backdoor, the 3rd or 5th door by Anonymous Coward · · Score: 0

    If you want to be safe, shut down your PCs today for an unexpected tomorrow or week.

    Why?

    Because Windows is still vulnerable, and the e-terror is coming to you.

  10. liability by Anonymous Coward · · Score: 1, Insightful

    Make commercial software companies legally liable.

    1. Re:liability by mentil · · Score: 1

      Just add verbiage to the clickwrap saying "we're not legally liable. also, binding arbitration." Oh wait the clickwrap already says that. You mean a new law that mandates liability? Simple, contracts say "you agree to keep this machine airgapped" in a 'crumple-zone' clause that everyone expects to be violated yet is designed to not affect the rest of the contract when it is. Ok MS agreed to provide a secure product... but only those who violated the contract were infected and could be party to a class-action suit, opening the door for them to be countersued. Make it VERY public and clear that anyone who sues them for infection liability WILL be countersued for every penny by a larger team of higher-paid lawyers.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:liability by Anonymous Coward · · Score: 0

      Open Source communities too please. Firefox and Linux community should not be immune to this as some of the code quality there is a fucking disgrace.

  11. Glad I killed off SMB v.1 by Anonymous Coward · · Score: 5, Informative

    If you haven't looked into it yet and you're running Windows 7 and above, disable SMB v.1 on Windows as server or client. There's not much reason to maintain it unless you have older hardware/software that relies on it (XP, Windows Server 2003). v.1 is slower and completely replaced by SMB v.2 and v.3.

    1. Re:Glad I killed off SMB v.1 by jbmartin6 · · Score: 1

      This is a good idea anyway, since there are several exploits in SMBv1 which were patched in the May 2017 release, i.e. after MS17-010 was released. So SMBv1 is getting a lot of extra attention, and there is still more ground for hijinks there. I believe it is disabled by default in Server 2012 R2

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
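
The step the parent post and this reply describe (turning off SMBv1 on Windows 7 and later, both as server and as client), as an added example that is not the posters' own code. It assumes an elevated PowerShell session; the cmdlets, registry value and service names are Microsoft's documented ones (the SMB cmdlets from Windows 8 / Server 2012 on, the KB2696547 registry and `sc.exe` method for Windows 7 / Server 2008 R2). A reboot is required before the change takes effect.

```powershell
# Added example, not the posters' own code: turn off SMBv1 on both the server
# (LanmanServer) and client (mrxsmb10 redirector) side, then verify. Run from an
# elevated PowerShell session; a reboot is needed before the change takes effect.
#Requires -RunAsAdministrator

$LanmanParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Mrxsmb10Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $ver = [Environment]::OSVersion.Version
    if ($ver -ge [Version]'6.2') {
        # Windows 8 / Server 2012 and later ship the SMB cmdlets; Windows 8.1 and
        # later also expose SMB1 as a removable optional feature.
        if ($PSCmdlet.ShouldProcess('LanmanServer', 'Disable SMB1 protocol')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled' -and
            $PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Disable')) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
    else {
        # Windows 7 / Server 2008 R2 have no SMB cmdlets; use the registry value
        # and service dependencies documented in Microsoft KB2696547.
        if ($PSCmdlet.ShouldProcess('LanmanServer', 'Set SMB1=0')) {
            Set-ItemProperty -Path $LanmanParams -Name SMB1 -Type DWord -Value 0 -Force
        }
        if ($PSCmdlet.ShouldProcess('LanmanWorkstation', 'Drop mrxsmb10 dependency')) {
            # The Workstation service must stop depending on the SMB1 redirector,
            # otherwise disabling mrxsmb10 breaks all client-side file sharing.
            sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
            sc.exe config mrxsmb10 start= disabled | Out-Null
        }
    }
}

function Test-Smb1Disabled {
    # Reports server and client state. Client state is read from the mrxsmb10
    # driver's Start value (4 = disabled); a missing key means the driver is gone.
    $serverOff = if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        -not (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    else {
        # On Windows 7 a missing SMB1 value means SMB1 is still enabled.
        $v = (Get-ItemProperty -Path $LanmanParams -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $v -eq 0
    }
    $start = (Get-ItemProperty -Path $Mrxsmb10Key -Name Start -ErrorAction SilentlyContinue).Start
    $clientOff = ($null -eq $start) -or ($start -eq 4)
    [pscustomobject]@{ ServerSmb1Off = [bool]$serverOff; ClientSmb1Off = [bool]$clientOff }
}

Disable-Smb1 -WhatIf   # dry run first; drop -WhatIf to apply, then reboot
Test-Smb1Disabled
```

Run `Test-Smb1Disabled` again after the reboot: both fields should read `True`. If an old device (XP, Server 2003, some printers and NAS boxes) stops being reachable afterwards, that device was relying on SMBv1 and is the thing to replace or isolate, not a reason to turn the protocol back on.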
  12. Re:No word from the NSA? by phayes · · Score: 5, Insightful

    Wakey wakey sleepyhead....

    When the NSA realized that the code had been stolen & likely to be released, they communicated the SMB bug to Microsoft who then released patches for their "maintained" OS's two months ago. It is because of this that they were able to release patches for their out of maintenance OSes as soon as Wannacry started spreading.

    Did you just imply that if the NSA said "here's a patch, please apply it globally" that you would apply it blindly?!? I'm not one of the people calling for the NSA to be the world's beta testing organization by buying up all the bugs on the internet & then handing them off to makers so that they patch their code, but even I wouldn't apply an NSA patch blindly like that.

    The NSA is not Trump with hourly Twitter updates direct from them to the world. They'll always communicate through proxies.

    --
    Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
  13. Re:All cars always have a backdoor, the 3rd or 5th door by bengoerz · · Score: 1

    Or everybody could just quit panicking and patch their systems.

  14. Useful Info by jasnw · · Score: 1

    Every time another "ogodtheskyisfalling" article comes out covering a new/improved malware based on the leaked NSA toolbox I'm looking for a quick summary early in the article that says "this beastie will be a problem for Windows, probably Win7 and earlier; will not be a problem for Linux; probably won't be a problem for OS X." Or even a simple 0-10 ranking of "no problemo" to "burn your computer NOW!" for each of the three major platforms placed somewhere prominent in the article would be nice. For my less-techie friends/relatives who get all hyped up with every new WormKillerTorpedoBot_Comrade exploit, it could give them an idea if they should be worried and figure out what to do, or not. For me, I can avoid reading pages and pages of turgid tech-prose about something that, not running anything on Windows, I don't need to care about. So how about it Tech Pundits of America, how about a little help here?

  15. No Security Agency by Anonymous Coward · · Score: 0

    Fuck these guys.

  16. They are waiting by future+assassin · · Score: 1

    for the system to be infected, then take them over from the virus writers discreetly

    --
    by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
  17. Send the kill code now! by Anonymous Coward · · Score: 0

    MS should just force the upgrade of all computers to Windows 10.

  18. Dear NSA, by fahrbot-bot · · Score: 1

    What goes around is apparently coming around - thanks a lot for that.
    Seems that whole "(our) security through (your) obscurity" thing has a few wrinkles in it.

    Sincerely,
    The people you're supposed to be protecting.

    --
    It must have been something you assimilated. . . .
  19. I've configured my firewall by Snotnose · · Score: 1

    TCP ports 137, 139, and 445 are blocked, UDP ports 137 and 138 are blocked. So am I safe?

    I've got a printer and NAS on my network, I know the printer uses SMB but not sure of the NAS.

    1. Re:I've configured my firewall by phantomfive · · Score: 1

      Block every port.

      --
      "First they came for the slanderers and i said nothing."
  20. Re:All car has always a backdoor, the 3rd or 5th d by TheFakeTimCook · · Score: 1

    Or everybody could just quit panicking and patch their systems.

    I tried.

    I downloaded MS17-010 for 64 bit Win 7 (which I run in my work laptop), and after churning for a few mins, it said that the Update Wasn't Installed.

    So I simply disabled SMB1 and am hoping for the best.

    If anyone has any ideas, I'd love to hear them!

  21. Re:All car has always a backdoor, the 3rd or 5th d by Anonymous Coward · · Score: 0

    It says something that I was almost as scared of manually downloading and installing a critical security patch from Microsoft as I was of the original virus.

    Turning wuauserv on for the first time in over a year felt like I'd turned off my ad and script blockers and downloaded all the Russian porn and pirated software I could find.

  22. This Just In by Anonymous Coward · · Score: 0

    The bugs involved were leaked to the Russians by The Donald.

  23. Sonos requires SMB1 for locally-stored content by Constantin · · Score: 3, Interesting

    Ned Pyle and others have eloquently described why everyone should drop SMB1 support, yet NAS suppliers and Sonos continue to ship products that use SMB1.

    Despite being deprecated by MSFT for years, SMB1 is alive and well with Sonos. There is no SMB2+ support, there is no timeline nor any commitment to add SMB2+ support. Please note: this issue only affects those that use Sonos with a local file server such as a NAS, your PC, etc. to store the music library and then make it accessible via the LAN.

    I don't understand how a company that prides itself on making premium audio products doesn't put security ahead of other software development priorities. One juicy scandal can cause way more damage than the modest cost of implementing readily-available SMB2-3.11 server/client software packages.

    SMB1 support on the Sonos, if allowed at all, should be on an opt-in basis, with adequate warnings to consumers re: potential pitfalls. Modern incarnations of SMB servers have NTLM v1 and SMB1 support turned off by default for a reason.

    1. Re:Sonos requires SMB1 for locally-stored content by Anonymous Coward · · Score: 0

      Don't forget that many MFP/copier units that perform scan-to-file across the network will only communicate via SMB1. Just recently found this out when migrating someone's Microsoft SBS 2003 server to Server Essentials 2016. Thankfully the place (locally sourced) where they leased the unit from was able to come on-site and apply a firmware update to add SMB 2 support.

    2. Re:Sonos requires SMB1 for locally-stored content by bill_mcgonigle · · Score: 1

      "We can't upgrade the servers because we have some crappy old photocopiers."

      You know who says things like that? People who get WannaCry outbreaks in their systems.

      You can't have your cake and eat it too.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  24. Nice work, National SECURITY Agency! by Anonymous Coward · · Score: 0

    NSA...Making America Secure again! Bigly!

    With a friend like the NSA, who needs enemies!

  25. One of these days by mark_reh · · Score: 1

    some talented hacker will turn their attention to wiping out all records of student loans and consumer debt. Heck, maybe even mortgages.

    We can only hope...

    1. Re:One of these days by Mal-2 · · Score: 1

      A 21st century Fight Club?

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  26. Hardening scripts by Anonymous Coward · · Score: 0

    I have seen so many Linux hardening scripts, written in bash. But similar hardening scripts are very rare on the Windows platform. It would be nice if some scripts were released to the public on how to harden standalone machines, and also scripts for hardening Enterprise versions of Windows which are connected to both LAN and WAN. If a new exploit is found, then a single-line update to the hardening script would do to mitigate the new threats.

    I have built my own script for Windows (disabling services and removing stuff I don't need), but my script is not as powerful as those scripts I have seen for Linux.
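    The questions in comments 19 (are blocked SMB ports enough?), 20 (MS17-010 would not install, so SMB1 was disabled instead) and 26 (where are the Windows hardening scripts?) all come down to the same handful of host settings. The script below is an added example written for this thread, not code from any commenter, from Microsoft or from the EternalRocks write-up. It assumes an elevated PowerShell 3.0 or newer session on Windows 7 / Server 2008 R2 or later; the function names are my own, the registry switch and the sc.exe client-side steps are the ones Microsoft documents for turning SMB1 off on Windows 7, and the MS17-010 KB numbers are deliberately left as a parameter because they differ per OS and rollup.

```powershell
# Added example; assumes an elevated PowerShell 3.0+ session on Win7/2008 R2 or newer.
# Function names are illustrative choices, not a Microsoft API.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the switch through the SmbShare module.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 / 2008 R2: the documented switch is the SMB1 DWORD under LanmanServer\Parameters.
    # A missing value means "default", and the default on these versions is enabled.
    $p = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $v = (Get-ItemProperty -Path $p -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $v) -or ($v -ne 0)
}

function Disable-Smb1 {
    # Server side: stop this host from *serving* SMB1 (what EternalBlue/Romance/Champion talk to).
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -Type DWord -Value 0
    }
    # Client side: stop loading the SMB1 redirector (mrxsmb10) and remove it from the
    # workstation service's dependency list so the client only negotiates SMB2+.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
}

function Block-InboundSmb {
    # Drop inbound NetBIOS/SMB on every firewall profile. Outbound traffic (this PC reaching a
    # NAS or printer share) is untouched; only other machines reaching *this* host over SMB is cut,
    # which also covers SMB2/SMB3 because all of them ride on TCP 445.
    $rules = @(
        @{ Name = 'BlockInboundSmbTcp';     Proto = 'TCP'; Ports = '137,139,445' },
        @{ Name = 'BlockInboundNetbiosUdp'; Proto = 'UDP'; Ports = '137,138' }
    )
    foreach ($r in $rules) {
        # netsh exists on Windows 7 where New-NetFirewallRule does not; delete first so
        # re-running the script does not stack duplicate rules.
        netsh advfirewall firewall delete rule name=$($r.Name) | Out-Null
        netsh advfirewall firewall add rule name=$($r.Name) dir=in action=block `
            protocol=$($r.Proto) localport=$($r.Ports) profile=any | Out-Null
    }
}

function Test-HotFixInstalled {
    # Returns $true if any of the supplied KB identifiers is installed. Pass the KB numbers
    # listed for your OS in the MS17-010 bulletin; none are hard-coded here on purpose.
    param([Parameter(Mandatory)][string[]]$KbIds)
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    foreach ($kb in $KbIds) { if ($installed -contains $kb) { return $true } }
    return $false
}

function Invoke-SmbHardening {
    param([string[]]$Ms17010Kb = @())
    $admin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
             ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    if (-not $admin) { throw 'Run from an elevated PowerShell session.' }

    Write-Host "SMB1 server enabled before: $(Get-Smb1ServerState)"
    Disable-Smb1
    Block-InboundSmb
    Write-Host "SMB1 server enabled after:  $(Get-Smb1ServerState)"
    if ($Ms17010Kb.Count -gt 0) {
        Write-Host "MS17-010 KB present: $(Test-HotFixInstalled -KbIds $Ms17010Kb)"
    }
    Write-Host 'A reboot is required before the SMB1 client/server change takes effect.'
}

# Example invocation; supply the KB list from the bulletin for this OS version.
# Invoke-SmbHardening -Ms17010Kb $kbIdsFromBulletin
```

    Two caveats a practitioner would want stated. First, disabling SMB1 is a mitigation, not the fix: MS17-010 patches the server driver that all the leaked Eternal* exploits target, and the firewall rule above only buys time by keeping other hosts away from a still-unpatched srv.sys. Second, blocking inbound 445 on every profile means nothing can reach shares served by this machine, so a copier doing scan-to-SMB into a folder on this host, or another PC mapping a drive from it, will stop working until you add a narrower allow rule for that specific peer.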

  27. no there is not. by Anonymous Coward · · Score: 0

    No such thing as a "secure" OS, some are less secure than others.
    Anything that has a connection to anything else is less secure, anything connected to an internal network is even less secure, anything with a connection to the internet in any shape or form is really insecure.
    ANYONE that thinks they admin/own/use a "secure" system is deluded/deluding other users.
    Linux/OS etc. etc. all have holes/backdoors, EVERYTHING does; anything that one man/group can create can be subverted by one man/group.
    You will never know how many holes your particular favourite OS has until it's too late.
    If you want/need real security, don't use ANYTHING electronic; use an abacus and pen and paper.
    Modern electronics "may" have brought the world many so-called advantages, but the world got along for thousands of years without them and will do so again in the future.
    Posted by a happy/safe dull Luddite.
    Using a dull Android device that never has anything vital/important on/through it, that resets itself at random (thanks HTC) but does what I need/want it to do.
    Anyone want to hack me, be my guest; I have nothing that you can steal or blackmail me with, so I don't care if anybody does hack it. Bank accounts, what are they? Got none. Embarrassing crap, got none. Vital data, got none.
    Try more life, less things and stuff.
    P.S. Yes, I do live in the "real" world, and unfortunately have to rely on all the crap electronic stuff everyone else insists on using.

    1. Re: no there is not. by Anonymous Coward · · Score: 0

      Do you have a moment to talk about our Lord and Saviour, QubesOS?

    2. Re: no there is not. by Anonymous Coward · · Score: 0

      Fitting, as you would need to be a religious nut to think it is magically safe from exploitation...

  28. Depends on the sector by DrYak · · Score: 1

    Are these posters active in the workforce? Every relevant office in the world uses windows.
    {...} But out here in the functional world, windows is everywhere.

    Depends on the field you work in.
    Academic research?
    Especially in fields like computational biology?
    It's going to be exclusively UNIX.
    With Mac OS X being a bit more popular on the laptops and workstations of the researchers,
    and Linux having monopoly on the servers and compute nodes.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  29. F the NSA by WCMI92 · · Score: 1, Insightful

    They are an enemy of the United States. Arrest them and take their computers.

    --
    Corporatism != Free Market
  30. The article image makes it look like... by Anonymous Coward · · Score: 0

    The article image makes it look like Microsoft WROTE it.

    After all, it says the product is copyrighted by Microsoft.

  31. Re:Protect yourself vs. SMB1 attacks easily by Constantin · · Score: 1

    That's great advice but see my note below, if you want to run a Sonos from a file server as intended, you have to have SMB1 (NT1) enabled on that file server, which means also enabling NTLM v1 authentication.

    Yes, there is a complicated workaround by using Plex or Subsonic as a means of feeding the Sonos data without the need for SMB1 insecurity, but implementing this system is not for the faint of heart. Plus, with every new service enabled on the server, you add more potential exploits.

    All I want is to be able to enable SMB 3+ on my home file server or shut it off altogether. Presently, the best solution may be to use a burner file server just for the Sonos with one-way updates. Nuts!

  32. Re:Protect yourself vs. SMB1 attacks easily by Anonymous Coward · · Score: 0

    You should look at an alternative for Sonos then.

  33. Microsoft by Anonymous Coward · · Score: 0

    Why does Microsoft produce such fucking terrible software? Do what Apple had the balls to do a decade ago and drop all native backward compatibility with old apps. All old apps should run in a VM or in a sandboxed environment.

    WannaCry is a disgrace and again proves Microsoft blows.

  34. Stop choosing non-freedom. by jbn-o · · Score: 1

    Despite being deprecated by MSFT for years, SMB1 is alive and well with Sonos. There is no SMB2+ support, there is no timeline nor any commitment to add SMB2+ support.

    I'm not familiar with this product or Sonos but this sounds proprietary.

    I don't understand how a company that prides itself on making premium audio products doesn't put security ahead of other software development priorities. One juicy scandal can cause way more damage than the modest cost of implementing readily-available SMB2-3.11 server/client software packages.

    Not reimplementing any part of the product is more profitable and most computer users are non-technical so they don't understand what SMB is let alone which revision is known to be insecure. Users should be advised to liberate themselves from Sonos' control over the user's computers; seek other ways to play the audio, ways that respect a user's freedom to run, modify, and share (including commercially). Perhaps reconsider Sonos if they distribute products that respect a user's software freedom. After all, if the security issues you describe are important enough that should be sufficient justification to seek the freedoms you deserve with or without Sonos' help.

  35. Thanks, Obama! by Anonymous Coward · · Score: 0

    This is all because of crap the NSA did while Obama was in office.

  36. Re:All car has always a backdoor, the 3rd or 5th d by Anonymous Coward · · Score: 0

    so,
    the TLDR is

    You are a fucking idiot?

  37. Re:All car has always a backdoor, the 3rd or 5th d by bengoerz · · Score: 1

    Disabling SMB1 is not enough to stop the EternalRocks worm, which includes the EternalChampion (SMB2) and EternalSynergy (SMB3) exploits.

  38. Re:All car has always a backdoor, the 3rd or 5th d by TheFakeTimCook · · Score: 1

    Disabling SMB1 is not enough to stop the EternalRocks worm, which includes the EternalChampion (SMB2) and EternalSynergy (SMB3) exploits.

    Have I mentioned that I hate Windows?

  39. Re:All car has always a backdoor, the 3rd or 5th d by Anonymous Coward · · Score: 0

    I'd love to see it get through my firewalls, past my AV, overcome my system permissions and magically affect my backups, lol.

    These exploits are script-kiddie level. I don't need to patch anything because my shit is secured.