Showing results for tags 'Malware'.
alacran posted a topic in Technology News
Link: https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-outbreak-temporarily-stopped-by-accidental-hero-/

A security researcher that goes online by the nickname of MalwareTech is the hero of the day, albeit an accidental one, after having saved countless computers worldwide from a virulent form of ransomware called Wana Decrypt0r (also referenced as WCry, WannaCry, WannaCrypt, and WanaCrypt0r). What MalwareTech did was spend around £10 to register a domain he found in the ransomware's source code.

Security researcher finds ransomware kill switch

The researcher discovered that the virulent and self-spreading Wana Decrypt0r ransomware was making a pre-infection check to a domain located at iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. If the domain was unregistered, the ransomware would start encrypting files. But if the domain was registered, the ransomware would stop its infection process.

By registering this domain, MalwareTech had accidentally triggered a worldwide kill-switch for the ransomware's self-spreading feature.

Everyone needs to update their computers!

"It's very important everyone understands that all they [Wana Decrypt0r gang] need to do is change some code and start again," MalwareTech explained last night. "Patch your systems now!"

The Wana Decrypt0r ransomware used a self-spreading mechanism derived from an NSA exploit leaked by the Shadow Brokers. That exploit can be mitigated by installing the patches included with Microsoft security bulletin MS17-010. Additionally, Microsoft has released an update for older operating systems that are no longer officially supported, such as Windows XP, Windows 8, and Windows Server 2003. The update can be downloaded from here.

People already infected with this ransomware will not get their files back just because that domain was registered. It means that no new infections will occur with yesterday's strain.

Currently, there's no known method of breaking the ransomware's encryption. The only viable method of getting files back at the moment is from previous operating system backups, and by paying the ransom note, as a last resort. During yesterday's ransomware outbreak, MalwareTech also created a tracker for Wana Decrypt0r victims, and a live map, showing infections in real time, which is now terribly silent. For those affected, you can discuss this ransomware and receive support in the dedicated WanaCrypt0r & Wana Decrypt0r Help & Support Topic. Bleeping Computer also published a technical analysis of the Wana Decrypt0r ransomware.

That exploit can be mitigated by installing the patches included with Microsoft security bulletin MS17-010: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Additionally, Microsoft has released an update for older operating systems that are no longer officially supported, such as Windows XP, Windows 8, and Windows Server 2003. The update can be downloaded from here: http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
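A defender-side way to use the kill-switch detail from the article above, as an added example that is not part of the BleepingComputer article or the poster's text: because the worm queries the domain before it encrypts anything, any internal host that resolved it ran the sample, whether or not the infection went on. The log format below is constructed for the example and is not the real Windows DNS debug-log layout; adapt the field split to whatever your resolver or Sysmon (event 22) export produces.

```powershell
# Added example: flag internal hosts that looked up the Wana Decrypt0r kill-switch domain.
$KillSwitchDomain = 'iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com'

# Constructed sample log: "timestamp,client_ip,query_name" (simplified, not a real DNS log format).
$SampleLog = @'
2017-05-12T10:01:03Z,10.0.4.17,update.microsoft.com
2017-05-12T10:01:09Z,10.0.4.23,iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
2017-05-12T10:01:11Z,10.0.4.23,www.bleepingcomputer.com
2017-05-12T10:02:40Z,10.0.7.5,IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM.
2017-05-12T10:03:02Z,10.0.4.17,technet.microsoft.com
'@

function Find-KillSwitchLookups {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [string] $Domain = $KillSwitchDomain
    )
    $hits = foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        $fields = $line.Split(',')
        if ($fields.Count -lt 3) { continue }
        # Normalise case and a trailing dot so FQDN-style log entries still match.
        $name = $fields[2].Trim().TrimEnd('.').ToLowerInvariant()
        if ($name -eq $Domain) {
            [pscustomobject]@{ Time = $fields[0]; Client = $fields[1]; Query = $name }
        }
    }
    # One row per client: how many lookups and when the first one happened,
    # which is the earliest point at which the worm was running on that host.
    $hits | Group-Object Client | ForEach-Object {
        [pscustomobject]@{
            Client    = $_.Name
            Lookups   = $_.Count
            FirstSeen = ($_.Group | Sort-Object Time | Select-Object -First 1).Time
        }
    }
}

Find-KillSwitchLookups -Lines ($SampleLog -split "`r?`n") | Format-Table -AutoSize
```

Hosts that appear in the output should be isolated and checked for the MS17-010 patch regardless of whether files were encrypted, since the kill-switch only stopped the encryption step, not the initial execution.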
alacran posted a topic in Technology News
First let me tell you I am a Windows user since v3.11, second I don't use any version of Linux on my PC, but with recent info about privacy issues in Win10 I don't know how this is going to end. Free Software Foundation article: "Microsoft's Software is Malware" is here: http://www.gnu.org/proprietary/malware-microsoft.en.html I know they are using this to promote free software such as Linux, but I think reading the full page and all links in it is something we all should do and then make our own conclusions. Best Regards
alacran posted a topic in Technology News
Windows Updates Can be Intercepted to Inject Malware into Corporate Networks

If you think that the patches delivered through Windows Update cannot be laced with malware, think again. Security researchers have shown that hackers could intercept Windows Update to deliver and inject malware in organizations. Security researchers from UK-based security firm 'Context' have discovered a way to exploit insecurely configured implementations of Windows Server Update Services (WSUS) for an enterprise.

What is WSUS in Windows?

Windows Server Update Services (WSUS) allows an administrator to deploy the Windows software update to servers and desktops throughout the organization. These updates come from the WSUS server and not Windows server. Once the updates are with the administrator on the server, he can limit the privilege for the clients in a corporate environment to download and install these updates, as the admin is the owner of the distribution of these updates.

Intercepting WSUS to Inject Malware into Corporate Networks

By default, WSUS does not use SSL encrypted HTTPS delivery for the SOAP (Simple Object Access Protocol) XML web service. Instead, it uses the non-encrypted HTTP. This is a major WSUS weakness that should not be ignored now (at least when it has been exploited and shown to the world). As WSUS installations are not configured to use the SSL security mechanism, they are vulnerable to man-in-the-middle (MitM) attacks. According to researchers Paul Stone and Alex Chapman, the attack is so simple that a hacker with low privileges can set up fake updates that can be installed automatically by connected machines. All update packages that are downloaded from the Microsoft Update website are signed with a Microsoft signature, which cannot be altered. However, hackers can alter Windows Update by installing malware in the metadata of the update.

"By repurposing existing Microsoft-signed binaries, we were able to demonstrate that an attacker can inject malicious updates to execute arbitrary commands," researchers said in the paper. A malicious attacker can inject malware in the SOAP XML communication between the WSUS server and the client, making it look like a purely authentic update to install. Windows Update also includes more than 25,000 3rd-party drivers that are developed and signed by other developers, which can also be altered easily. "Our concern is that when plugging in a USB device, some of these drivers may have vulnerabilities that could be exploited for malicious purposes. Everyone is familiar with the 'searching for Drivers' and 'Windows Update' dialog boxes on their desktops – but these seemingly innocuous windows may be hiding some serious threats." So, now it can be a big security threat for the new Windows 10. Either the corporates are going to live in the era of old Windows or upgrade and welcome the malware! The researchers demonstrated the hack at the Black Hat security conference in Las Vegas this week in a talk titled, WSUSpect: Compromising the Windows Enterprise via Windows Update. PDF
Source: http://thehackernews.com/2015/08/windows-update-malware.html
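The weakness the post describes is a configuration one: the client fetches update metadata over plain HTTP, so an on-path attacker can rewrite it. As an added example that is not part of the article or the Context research, the script below audits a Windows client's WSUS policy for exactly that. The registry values (WUServer, WUStatusServer, UseWUServer), the default WSUS ports 8530/8531 and wsusutil.exe configuressl are real; the wsus.corp.example hostnames are constructed.

```powershell
# Added example: check whether this client's WSUS policy points at a plain-HTTP server.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'

function Test-WsusUrl {
    param([AllowNull()] [string] $Url, [string] $Setting)
    if ([string]::IsNullOrWhiteSpace($Url)) {
        return [pscustomobject]@{ Setting = $Setting; Url = $null; Status = 'NotSet' }
    }
    $uri = $null
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        return [pscustomobject]@{ Setting = $Setting; Url = $Url; Status = 'Malformed' }
    }
    # Plain HTTP is what lets an on-path attacker rewrite the SOAP update metadata;
    # HTTPS with a server certificate the client trusts closes that gap.
    $status = if ($uri.Scheme -eq 'https') { 'OK' } else { 'InsecureHttp' }
    [pscustomobject]@{ Setting = $Setting; Url = $Url; Status = $status }
}

function Get-WsusClientTransport {
    param([string] $Path = $PolicyPath)
    if (-not (Test-Path $Path)) {
        Write-Warning "No WSUS policy at $Path; this client talks to Microsoft Update directly."
        return
    }
    $policy = Get-ItemProperty -Path $Path
    $au     = Get-ItemProperty -Path (Join-Path $Path 'AU') -ErrorAction SilentlyContinue
    if (-not $au -or $au.UseWUServer -ne 1) {
        Write-Warning 'UseWUServer is not 1; WUServer is ignored by the Automatic Updates client.'
    }
    Test-WsusUrl -Url $policy.WUServer       -Setting 'WUServer'
    Test-WsusUrl -Url $policy.WUStatusServer -Setting 'WUStatusServer'
}

# The weak setting beside the corrected one, on constructed values so the check can be read offline.
Test-WsusUrl -Url 'http://wsus.corp.example:8530'  -Setting 'WUServer'
Test-WsusUrl -Url 'https://wsus.corp.example:8531' -Setting 'WUServer'

# On a domain-joined client, audit the live policy.
Get-WsusClientTransport | Format-Table -AutoSize
# Server side, the matching fix is to enable SSL on the WSUS site (wsusutil.exe configuressl <FQDN>)
# and then repoint the Group Policy values at https://<server>:8531.
```

A result of InsecureHttp on either value means the client is in the position the researchers describe; NotSet with UseWUServer absent means the machine is not using WSUS at all and the finding does not apply.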
Shaman posted a topic in nLite
Hello, I've been using nLite from the older days (when SP3 had just come out). My interest is now renewed since MS will abandon XP for good soon. I've read the FAQ, and have succeeded in fully upgrading my CD with the latest updates (save for .NET and Search and possibly a few more). I have some general questions:

1) Obviously I've been using nLite so I do trust the application, but aside from that, is there a "trust guarantee" of some sort that nLite is free of malware and whatnot? For example, source code would be a good "trust guarantee" in this situation. I wouldn't want to miss it, if I can have it. Same for WMP 11 Slipstreamer.

2) Windows Update Agent 3.0 does not work for me. It slipstreams alright with nLite, but apparently it does not get installed, because I can re-install it afterwards (and the issue it was supposed to solve, which is Windows Update 0x8024D001 error code, does not get solved until I re-install it). Apparently, it must be installed AFTER Windows is activated. Any input on this? Links (I'm referring to the x86 version only):
http://download.windowsupdate.com/windowsupdate/redist/standalone/7.2.6001.788/windowsupdateagent30-x86.exe
http://download.windowsupdate.com/windowsupdate/redist/standalone/7.2.6001.788/windowsupdateagent30-x64.exe

3) How can I be sure that nLite has slipstreamed EVERY update properly? Any guarantees on this? Or do I only have to rely on the fact that I get no error (however, I got no error slipstreaming Windows Update Agent 3.0 either!)? Does nLite have specific instructions for every KB update? What about the reports I'm reading on the forum that it cannot integrate certain KBs (which, in my case, slipstreamed correctly, again apparently)?

Thank you all