Posted: . At: 4:38 AM. This was 7 years ago. Post ID: 10881

Petya malware has evolved. This is getting worse.

The Petya malware is getting worse: there is a new version of this malware that has no killswitch like the previous version had. A source screenshot posted on Twitter showed a possible killswitch, but this new variant does not have one at all. But simple Common Sense 2017™ will keep you safe. Do not download software from shady websites, and be careful opening emails with attachments and untrusted Word and Excel documents, possibly even PDF documents.

There needs to be a way to detect the payload in the infected file with Linux; this would allow a Linux machine to act as a scanner that detects infected files before they go on a Windows computer. I wonder how hard this would be? There is some info about the ransomware payload on this website: virustotal.com. In the old days, we used VET antivirus for DOS to scan files for infection. Now we need sophisticated security software to keep us safe from the malware scourge. This is a great time to cash in on the virus scare if you are a programmer and can write a definitive scanner to detect this before a payload is opened on a vulnerable machine.
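The Linux-side pre-screening wished for above can be approximated with content-based triage. The following is an added example, not code from the original post: it flags Windows executables, macro-bearing Office files and PDFs with active content by their bytes rather than their names. The function names, the marker lists and the empty blocklist are assumptions of this example; the post supplies no hashes or signatures, and these heuristics flag risky file types rather than identify Petya itself.

```python
import hashlib
import io
import zipfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # macro stream name inside OLE2
PDF_ACTIVE = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")
PE_EXTS = {".exe", ".dll", ".sys", ".scr"}

def triage(name, data, blocklist=frozenset()):
    """Return the reasons a file should be held back from a Windows machine."""
    reasons = []
    ext = Path(name).suffix.lower()
    # blocklist: SHA-256 hex digests from a feed you trust (assumed, empty here)
    if hashlib.sha256(data).hexdigest() in blocklist:
        reasons.append("sha256 on blocklist")
    if data[:2] == b"MZ":
        reasons.append("Windows executable")
        if ext not in PE_EXTS:
            reasons.append("executable content behind a non-executable name")
    elif data[:8] == OLE2_MAGIC and VBA_STREAM in data:
        reasons.append("legacy Office document with VBA macros")
    elif data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.endswith("vbaProject.bin") for n in z.namelist()):
                    reasons.append("OOXML document with VBA macros")
        except zipfile.BadZipFile:
            reasons.append("corrupt zip container")
    elif data[:5] == b"%PDF-":
        # plain-text search only: compressed or escaped names will be missed
        hits = [k.decode() for k in PDF_ACTIVE if k in data]
        if hits:
            reasons.append("PDF with active content: " + ", ".join(hits))
    return reasons

def scan_tree(root, blocklist=frozenset()):
    """Map each flagged file under root to its list of reasons."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            found = triage(path.name, path.read_bytes(), blocklist)
            if found:
                report[str(path)] = found
    return report

if __name__ == "__main__":
    import sys
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "->", "; ".join(found))
```

Run it against a download or mail-attachment directory on the Linux box; anything it reports should be checked further before being copied to a Windows machine.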

Why does this not exist yet? I wish I actually knew how this is contracted, but infected files seem the best bet. Using an unpatched old Windows installation is asking for trouble. Best to keep up to date with Windows Update to keep ahead of this. If you have SMB/CIFS running on your Windows installation, then disable it. Blocking SMB port 445 in your router is a good idea. Blocking all ports is a better bet. Disable UPnP as well. The convenience is not worth it. Just configure the ports manually. That is a much better security strategy than allowing software to configure it for you. For creating an Arma 3 server, for example, just open port 2302 and then run the game server on that. Simple.

More security on the desktop and router is required in this day and age. The malware will continue to evolve, and running Windows machines with outdated, unpatched installations will get even more dangerous. So more effort is required. I mean, some industrial applications run on old 486 and XT machines with 5 inch floppy drives. They are not a target for this malware. Malware writers want to hit the largest attack surface, and this is Windows machines with MS Office 2007 and Outlook; they are likely to be unpatched and perfect for attack.

Australian companies, as well as overseas companies, have been lazy and negligent in terms of updating Information Technology infrastructure. They will get a wake-up call if their computers are infected and they cannot do any work. That would be hilarious. But not for them. Laziness in IT will bite you in the long run. Especially with supermarkets infected en masse. This is really serious. Maybe this will drive more people to free software alternatives instead. Ubuntu or Fedora 25 would be far more secure than an old Windows 7 installation. Seriously.
