Internet crime, Malware, Microsoft, Security, Things that are bad, Windows

WannaCry update

Leave a comment

According to Kaspersky Labs, almost all of the computers infected with WannaCry (WCry, WannaCrypt) were running Windows 7. A small percentage (less than 1%) were running Windows XP.

Microsoft released updates in March 2017 which — if installed — protect Windows 7 computers from WannaCry infections. So all those Windows 7 WannaCry infections were only possible because users failed to install updates. This is a good argument for either enabling automatic updates, or being extremely diligent about installing updates as soon as they become available.

A researcher at Quarkslab discovered a method for decrypting files encrypted with WannaCry, although it only works on Windows XP, and only if the computer has not been restarted since the files were encrypted.

Building on the discoveries of Quarkslab, researchers at Comae Technologies and elsewhere developed a tool that can decrypt files encrypted by WannaCry on Windows 7 as well as XP. The new tool — dubbed wanakiwi by its developers — uses the same technique as its predecessor and has the same limitation: it doesn’t work if the infected computer has been restarted since encryption occurred.

The Register points out that while the NSA was hoarding exploits, Microsoft was doing something similar with patches. Microsoft is in fact still creating security updates for Windows XP and other ‘unsupported’ software; they just don’t normally make those updates available to the general public. Instead, they are only provided to enterprise customers, which pay substantial fees for the privilege. When Microsoft released the Windows XP patch in response to the WannaCry threat, the patch was already developed; all Microsoft had to do was make it available to the general public. Sure, developing updates costs money, and Microsoft wants to recover those costs somehow, but it seems clear that we would all be better off if they made all updates available to everyone.

Bruce Schneier provides a useful overview of WannaCry, and how best to protect yourself. From the article: “Criminals go where the money is, and cybercriminals are no exception. And right now, the money is in ransomware.”

Update 2017May21: Analysts have confirmed that WannaCry’s initial infections were accomplished by scanning the Internet for computers with open Server Message Block ports, then using the EternalBlue SMB exploit to install the ransomware. Once installed on any computer, WannaCry spread to other vulnerable computers on the same local network (LAN). Earlier assumptions about WannaCry using spam and phishing emails to spread were not accurate.

Internet crime, Malware, Microsoft, Patches and updates, Security, Things that are bad, Windows

WannaCrypt variants infecting systems worldwide

Leave a comment

The accidental stifling of WannaCrypt’s spread was too good to last, apparently. New versions of the ransomware — unaffected by the serendipitous domain registration of a security researcher — are now making their way around the world. You can even watch the malware spread using MalwareTech’s WannaCrypt live feed.

Our advice remains the same: make sure all your Windows computers have the relevant updates installed, including Windows XP. Microsoft’s Customer Guidance for WannaCrypt attacks is a good place to start; there are links to the updates at the bottom of that page. For more information about the exploit used by WannaCrypt, see Microsoft’s MS17-010 bulletin from March 14.

SANS has a good summary of the technical aspects of WannaCrypt.

Update 2017May16: There’s plenty of blame to go around for this mess. Microsoft is being criticized for abandoning Windows XP when it’s still widely used. Meanwhile, Microsoft is blaming the NSA’s vulnerability hoarding.

Internet crime, Malware, Microsoft, Patches and updates, Security, Things that are bad, Windows XP

WannaCrypt ransomware: Microsoft issues updates for unsupported Windows

Leave a comment

Ransomware known as WannaCrypt (aka WCry, WannaCry) has already crippled as many as 75,000 unpatched Windows computers in Europe and Asia. So far it hasn’t done much damage in North America, but that could change quickly.

The flaw WannaCrypt uses to infect Windows computers was patched by Microsoft in March, but unpatched computers and those running unsupported versions of Windows were left unprotected.

Microsoft has long since stopped releasing security updates for Windows XP, but WannaCrypt is spreading quickly, and Windows XP computers are essentially defenseless against it. So Microsoft has taken the unprecedented step of publicly releasing an update that protects Windows XP computers from the flaw that WannaCrypt uses to spread.

If you manage any computers that run Windows XP, you should install the update immediately: download update for 32-bit Windows XP Service Pack 3. There’s more information about this from Microsoft.

Techdirt points out that the flaw WannaCrypt exploits was exposed in the recent NSA tool leaks. Which is exactly the problem when security organizations hoard flaws instead of reporting them responsibly.

Update 2017May14: Apparently a security researcher at MalwareTech registered a (previously unregistered) domain used by WannaCrypt as part of his investigation into the ransomware. This is standard practice, because it often allows researchers to gain a better understanding of their subject. Surprisingly, this move stopped WannaCrypt from doing any further damage.

The latest guidance from NCSC.

Opera, Patches and updates

Opera 45: user interface and ad-blocking improvements

Leave a comment

Though it’s not mentioned until close to the end of the page, a recent announcement on the Opera blog entitled ‘Opera is Reborn‘ is actually about a specific new version of the browser: 45.

Opera 45 includes numerous changes to the user interface, mostly related to aesthetics: colours, backgrounds, icons, and animation. The integrated ad-blocker now reloads pages automatically when ad blocking is switched on and off. Social messaging software (Facebook Messenger, WhatsApp and Telegram) is now integrated into the sidebar. Video performance is improved slightly on some hardware. And you’ll now see warnings below password and credit card fields on web sites that don’t support encryption.

Many of Opera 45’s changes come from the experimental browser Neon, which Opera released a few months ago to test some ideas and elicit user feedback.

You can peruse the full change log for more information. That log includes changes to development and pre-release versions as well.

Edge, Microsoft, Things that are bad, Windows 10

Don’t use Edge to print or create PDF files

Leave a comment

A bizarre bug in Microsoft’s Edge web browser is baffling users. Depending on the selected printer and other factors, attempting to print a PDF file, or use Edge’s ‘Print to PDF’ function, will cause random changes in the output. The changes are difficult to detect: we’re not talking about the usual kind of printer garbage. For example, users are reporting shifted cell numbers, added words and symbols, and substitution of words and characters.

If you’re printing invitations to a neighbourhood barbecue, this issue is unlikely to cause any serious problems, but what if you’re printing legal, medical, or architectural documents?

Microsoft hasn’t said much about this yet, but according to at least one bug report, they are at least aware of the problem. Which is good, because Microsoft just announced that Windows 10 is running on 500 million devices; Edge is the default browser on all those devices, and Print to PDF is the default printer on many.

My advice? If you use Windows 10, don’t use Edge at all if you can avoid it: try Firefox or Chrome. If you must use Edge, use a different PDF reader to view and print PDF files. Adobe’s Reader is free and actually works as expected.

Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.

Close

Ad-blocker not detected

Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.