Since last weekend, May 12 to be exact, the "Bitcoin ransomware" WannaCry (also known as WannaCrypt or WannaCrypt0r) has been spreading around the globe.
Once a computer is infected, every file on it is encrypted and locked. Unless the victim pays $300 worth of Bitcoin within the stated deadline, the demand doubles, and a victim who refuses to pay risks losing the files for good. WannaCry first broke out in Europe, hitting Spain's Telefónica, Britain's National Health Service (NHS), FedEx and Deutsche Bahn among other large public and commercial institutions, and from there spread rapidly across the world. In China, Shandong University and other universities, along with some government computers, were among the first victims.
The number of affected computers is still rising. According to a report from the 360 Security Center, as of May 15, 2017 more than 100,000 organizations and institutions in about a hundred countries had been hit. In China alone, 29,000 public IP addresses were infected over May 12 and 13, and the machines behind those IPs cannot yet be counted. And that was only the weekend: once the working week starts and the many computers on the same office network are switched on, a single infected machine is enough to spread to every computer on the LAN, so a great many potential victims are still waiting.
The irony is that what Chinese security vendors most like to boast about is install base and penetration. According to media reports, 360 Safeguard has as many as 523 million active PC users and a penetration rate as high as 98%; Tencent PC Manager is installed on 350 million machines, Baidu Guard on 300 million, and Kingsoft Duba on over a hundred million, with 50 million active. Almost every Windows PC in China has at least one "safeguard" or "manager" anti-virus product installed. Yet the big Internet security companies could only react after the fact; they failed to stop the attack in advance, as they routinely claim to.
And anyone who read PingWest's earlier coverage of this virus knows that WannaCry relies on "EternalBlue", an exploit for a system-level Windows vulnerability, and that Microsoft had already closed that vulnerability through a system update back in March this year.
Yet overnight we are back in an era where nobody dares to log into an unfamiliar website, and plugging a USB stick into a computer is frightening.
The Internet has not become safer; the danger has only changed shape
The story goes back to the summer of 2016. The US election had not yet begun, and hacker warfare had made it one of the most science-fiction-like elections of the era. In August, the anarchist hacker group Shadow Brokers claimed to have broken into the Equation Group, an operation tied to the NSA, and to have stolen dozens of exploits, EternalBlue among them, which they said targeted widely used Windows, Android and iOS systems. Technology enthusiasts may remember the tangle between Apple, the NSA, the Shadow Brokers and the FBI over unlocking an iPhone.
But the Shadow Brokers had little luck. After stealing the exploits they tried to sell them for about $500 million, and the price was so high that no deal was ever concluded.
Fast forward to April 2017. Having given up hope of an auction, the Shadow Brokers uploaded a large bundle of the exploits stolen from the NSA, EternalBlue included, and a few days later released the password needed to unpack the archive.
At that point the EternalBlue vulnerability, the foundation on which the ransomware spread, was exposed to everyone. It abuses a flaw in the file-sharing (SMB) service of older versions of Windows to propagate over the network: as long as your computer has this vulnerability, it can be infected by another networked computer at your company, school or home without you doing anything at all.
The Wikipedia entry on WannaCry has a more detailed and comprehensive record of the outbreak.
After WannaCry broke out, many people brought up Panda Burning Incense. In the Chinese memory, no virus outbreak since Panda Burning Incense had caused as much public concern as WannaCry just did. And indeed, the number of worms has been falling for years.
Unfortunately, the Internet being "safer" is only an illusion.
According to an Internet security threat report for December 2016 (issue 72), total infections in China during that month reached 2.81 million, of which 660,000 were worms and more than 2.15 million were Trojans. The most important reason worms have gradually declined is that their authors cannot make money from them.
After the Panda incident, Chinese hackers realized that making and spreading viruses carried enormous risk, and, seeking higher returns, the grey and black markets stopped treating "wrecking the user's computer" as the main form of attack. After a worm gets in, the machine slows down, files won't open and programs crash, but a Trojan pursues "user experience": it runs silently in the background and lets the user carry on as before.
A Trojan lets its controller take over the infected computer and use the whole machine as they please. In the Trojan black-market chain, a "broiler" (an infected computer) is handled like a bird on a modern processing line: specialists assess how the machine performs, whether it can be used to attack other people's computers, whether it can be used to harvest data, whether the owner's bank or financial credentials can be stolen directly, and so on.
The Trojan industry chain at its "best" operates behind the scenes, and until the machine's residual value has been fully drained it generally avoids behaviour like "stealing the account", which would immediately alert the user. This is why so many users believe they "haven't had a virus in ages". Other Trojans may well have used EternalBlue to break into users' computers before WannaCry without attracting wide attention, simply because they did not interfere with normal use of the machine.
As described above, Trojans rose and worms faded; WannaCry has given this old breed of virus a second spring. Its attack is blatant and aggressive: it directly encrypts and locks the user's important documents.
Before 2013, a virus built around extortion, transfers or remittances was not a good idea, because every withdrawal a hacker made at a bank left a trace, dragging the black industry chain straight into the daylight.
Until Bitcoin.
Double-edged Bitcoin: is it really the hackers' accomplice?
The name "Bitcoin ransomware" coined by the media is very misleading.
The name makes it sound as though "Bitcoin is blackmailing you", but what the virus actually does is this: its makers blackmail you through the virus and demand that the ransom be paid in Bitcoin, a virtual currency whose account holder can remain completely hidden.
The Bitcoin media outlet 8btc (Babbitt) wrote in one article:
Hacker ransomware has existed since 1980. According to Cyence's data, hackers tend to target hospitals and enterprises whose information systems are not sophisticated, with the average single ransom payment between $500 and $1,000. And because Bitcoin exists, ransomware is lower-cost and lower-risk than crimes such as stealing credit cards anywhere in the world.
The Bitcoin community does not want to take the blame for the hackers, but it admits that the reason ransomware gravitated to Bitcoin has a lot to do with the currency's characteristics.
According to the Wikipedia list of notable computer viruses and worms, the CryptoLocker ransomware appeared as early as September 2013; apart from spreading by a different route, it was almost identical to the WannaCry that broke out on May 12, 2017 in encrypting users' files and demanding payment in Bitcoin.
Then, in February 2016 and October 2016, different ransomware broke out on a small scale; the means of transmission varied slightly each time, but the business model did not change at all.
"The Bitcoin community has been noticeably detached about this event," Tension, head of marketing at a Bitcoin platform, told me when I interviewed him about the "5.12" Bitcoin ransomware. "This virus has been around for more than a day or two; honestly, people in the community never expected it to blow up into a focal point like this."
Many media reports compare Bitcoin to Tencent's Q Coins, but the analogy is wrong. If your Q Coins are stolen you can complain to Tencent and get them back. Bitcoin is "produced" by mining pools, but it is not issued by them, and neither mining pools nor exchanges can "manage" Bitcoin the way Tencent manages Q Coins.
Bitcoin is not issued or administered by any particular organization; it is like a completely transparent bank. How many bitcoins you hold is visible to everyone and agreed by everyone, so we can all look at the ledger, the blockchain that records the history of every Bitcoin transaction, and see how many people have paid the hackers' "ransom". What we cannot see is who the hackers are.
Real-time transaction records of one of the "hacker accounts" (image caption)
Bitcoin enthusiast @Song Linfeng_ posted on Weibo the four ransom addresses he had collected; by noon on May 15, 2017 the four addresses had received a total of 25.00 BTC across 159 transactions. Compared with the number of infections, the ransom paid in the 48 hours after the outbreak was not much.
Although not much Bitcoin has flowed into the hackers' accounts, the Bitcoin price rose slightly on the news, climbing from an already high 9,000 yuan to above 10,000 yuan.
At the current price of 10,690 yuan per bitcoin, the hackers' total take is about 260,000 yuan. They have not yet moved any bitcoin out of these accounts, but the "security" of this digital currency guarantees that nobody can recover the ransom.
"We think this is another fairly successful PR event for Bitcoin in the public mind, even though PR of this kind is always negative news. In fact, after every round of negative news some people who are interested in Bitcoin come to realize that Bitcoin and blockchain are very valuable new technologies... I don't think this is just the Bitcoin view; several large domestic commercial banks and big companies like IBM are already researching applications of Bitcoin and blockchain, and regulatory rules are gradually being worked out. Some of this is still at the development stage..." the marketing head said. "Once you voluntarily hand your bitcoin to the hackers, even if the police step in, it is unlikely that anyone can send a notice to freeze the account and bring the coins back."
Legitimate businesses have also taken a liking to the "advantages" of the blockchain: it removes the two biggest uncertainties in a financial trading system, policy and counterparty credit, so that companies under different regimes and with different credit standing can trade on the same system. But the very same properties are what the hackers exploit: anonymous, instant, unmodifiable, and no chance of recovery once the deal is done.
However, the Bitcoin community does not think much of the hackers' new cash-out channel of "extorting users directly", for two main reasons:
1. For ordinary people, the process of paying the ransom is too complicated;
2. Many countries (China, the United States and the EU member states) have already set up system-level controls on exchanges between Bitcoin and real currency, so cashing out Bitcoin carries real risk and is not truly "safe" for the hackers.
The first problem is why the Bitcoin community says the hackers' extortion has not scaled up:
The hackers set different prices for different regions, hoping to cast a wide net and make it up on volume, "small margins, high turnover". But most ordinary users do not have data important enough to drive them to learn from scratch how to trade Bitcoin, and the users who do know how to use Bitcoin tend to be "geeks" whose computers are well protected.
"We find it hard to promote Bitcoin to ordinary users, let alone hackers," said a staff member at a Bitcoin trading platform.
Security software can make your computer more dangerous
When the outbreak first began, people blamed the virus on outdated operating systems. The early reports were full of photos of infected public computers in school labs, enterprises and institutions, and in those photos the blue sky and white clouds that are the hallmark of Windows XP form the background to the ransom window.
Shortly after the outbreak Microsoft made an exception and released a patch for Windows XP, whose maintenance had long since ended, but it took no special remedial measures for systems newer than XP, for a simple reason: every version of Windows still in its support lifecycle had already received the fix for the vulnerability the virus exploits (security bulletin MS17-010) in the March monthly security update.
This also explains why the first batch of infected computers was in schools and government agencies: for the sake of uniformly deployed services and software, most of these machines run an outdated operating system (XP) that can no longer receive security maintenance in time, so the fix for the vulnerability arrived "too late".
And yet the infected users on Windows 7, 8 and 10 are not few either... Why is that? The reason is a Chinese peculiarity: these users had turned off Microsoft's automatic updates, either themselves or with the "help" of their security software.
Outside the education networks, many users failed to update their systems in time simply because the anti-virus products "understand" that users do not want to update, and so offer one-click features such as "turn off Windows 10 updates" and "turn off Windows Defender". Much of this anti-virus software tears down the Great Wall built by the system vendor and then daubs mud on the gap so that the user's system only "looks" secure.
In its official WannaCry knowledge post on the Tencent PC Manager forum, Tencent volunteered an explanation of "why the Microsoft patch released in March was blocked".
As the vendor of the operating system, Microsoft can discover viruses running on Windows and holes in the system itself earlier than any third-party anti-virus vendor, and it can work with the system's built-in permission mechanisms to fix security problems. Starting with Windows 10, Microsoft forces automatic updates on for all users, which is why our Weibo and WeChat feeds are full of screenshots of "upgrading" at inconvenient moments; untimely system updates bring users plenty of problems, but they do provide comprehensive protection. In addition, Windows has shipped with built-in anti-malware called Windows Defender since the Windows 7 era (on Windows 7 it handled only spyware, and the free Microsoft Security Essentials was the anti-virus; from Windows 8 on, Defender is a full anti-virus). Windows Defender was not very effective in its early days, but after years of development it has become one of the most effective anti-virus products on the Windows platform.
In fact, an ordinary user of genuine Windows who keeps automatic updates, the built-in firewall and Windows Defender all switched on has no real need to install third-party anti-virus software.
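The article's argument comes down to three conditions on the host: SMBv1 reachable from the network, the March 2017 MS17-010 fix missing, and Windows Update or Windows Defender switched off. The following is an added example, written for this edit and not taken from the PingWest article or from any vendor, that audits a single Windows machine for exactly those conditions and can optionally apply the two mitigations that do not require a reboot. The default KB list holds the two March 2017 MS17-010 updates for Windows 7 SP1 / Server 2008 R2; for other editions the caller must pass the KB IDs from the MS17-010 bulletin (assumption: the caller supplies the right list). The firewall rule name is my own choice.

```powershell
# Audit one Windows host for the WannaCry preconditions discussed above.
# Run in an elevated PowerShell 5.1 session. Get-Smb* and Get-NetFirewall* cmdlets
# need Windows 8 / Server 2012 or later; registry fallbacks cover Windows 7.
param(
    # Assumption: MS17-010 KB IDs for this edition. Defaults are the Windows 7 SP1 /
    # Server 2008 R2 security-only update and monthly rollup from March 2017.
    [string[]] $Ms17010Kbs = @('KB4012212', 'KB4012215'),
    # Disable SMBv1 and block inbound TCP 445 when set (both break file sharing TO this host).
    [switch]   $Remediate
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Is the March 2017 fix installed? Get-HotFix reads Win32_QuickFixEngineering.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$hasFix = @($Ms17010Kbs | Where-Object { $installed -contains $_ }).Count -gt 0
if (-not $hasFix) {
    $findings.Add("MS17-010 fix not found (looked for: $($Ms17010Kbs -join ', '))")
}

# 2. Is the SMBv1 server still enabled? EternalBlue targets the SMBv1 server.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
} else {
    # Windows 7 fallback: SMB1 is on unless the LanmanServer SMB1 value is explicitly 0.
    $v = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
            -Name SMB1 -ErrorAction SilentlyContinue
    $smb1 = ($null -eq $v) -or ($v.SMB1 -ne 0)
}
if ($smb1) { $findings.Add('SMBv1 server protocol is enabled') }

# 3. Has Windows Update been switched off, by hand or by a "security" tool?
$wu = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"
if ($wu.StartMode -eq 'Disabled') { $findings.Add('Windows Update service (wuauserv) is disabled') }
$au = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
        -Name NoAutoUpdate -ErrorAction SilentlyContinue
if ($au -and $au.NoAutoUpdate -eq 1) { $findings.Add('Automatic updates disabled by policy (NoAutoUpdate=1)') }

# 4. Windows Defender real-time protection (cmdlet exists on Windows 8 and later only).
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.RealTimeProtectionEnabled) { $findings.Add('Windows Defender real-time protection is off') }
}

# 5. Does the host firewall let inbound TCP 445 through? List enabled inbound allow rules for it.
if (Get-Command Get-NetFirewallPortFilter -ErrorAction SilentlyContinue) {
    $allow445 = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq '445' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
    foreach ($r in $allow445) { $findings.Add("Firewall allows inbound TCP 445: '$($r.DisplayName)'") }
}

# Report.
if ($findings.Count -eq 0) {
    Write-Output 'No findings: patched, SMBv1 off, updates and Defender on, 445 not allowed inbound.'
} else {
    Write-Output 'Findings:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}

# Optional mitigation. Installing the MS17-010 update itself still has to be done via Windows Update.
if ($Remediate) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Output 'SMBv1 server protocol disabled.'
    }
    if (Get-Command New-NetFirewallRule -ErrorAction SilentlyContinue) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block -Profile Any | Out-Null
        Write-Output 'Inbound TCP 445 blocked on all firewall profiles.'
    }
}
```

Save the script and run it as `.\Audit-WannaCry.ps1` to report, or `.\Audit-WannaCry.ps1 -Remediate` to also disable SMBv1 and block port 445. The audit is read-only; the mitigations are kept behind the switch because blocking 445 also stops legitimate clients from reaching shares on the audited host, which is acceptable for a workstation but must be judged case by case for a file server.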
But automatic updates and free built-in anti-virus are not popular with Chinese users: on Baidu you can find plenty of questions about "how to turn off Windows Defender". In the ordinary user's mind, 360, Tencent's Manager and Baidu Guard speed up and protect the computer, because they pop up tooltips in the bottom-right corner advertising how much they have accelerated things, while Windows Defender, working quietly in the background, gets blamed as the culprit whenever the "PC lags".
So how well did domestic security software resist WannaCry? Kafan forum user tg123321 tested five domestic products in an offline simulated environment (no signature updates): Rising, Baidu Guard, Kingsoft Duba, Tencent PC Manager and 360 Safeguard. None of them intercepted WannaCry; every test machine was infected. This setup mirrors the large number of computers that go for long periods without being connected to the network.
Is there security software that does not actively block Microsoft's system updates?
In a public statement on May 15, 360 said it does not actively block Windows patches, and that of its 500 million users only 200,000 had failed to install the patch, and attacks on those users were blocked by 360 Safeguard. But in fact, before May 12 Microsoft had released no patch for Windows XP, and 360's own separately published timeline says it pushed Microsoft's official patch for the old systems (XP, 2003) only on the afternoon of May 13.
According to the survey firm StatCounter, Windows XP and Windows 7 still account for more than 50% of PCs in mainland China, which does not square with 360's claimed patch penetration. The more credible version is that 360 issued a hasty warning on April 17, after the NSA exploit bundle was uploaded, and protected users ahead of time on that basis.
Many people who used to mock Windows 10's updates and the copy on its update screens now look especially ironic.
Do you see it? What exposed us to WannaCry was ourselves. Finally, we want to use this event and this article to say it once more: even a pirated Windows 10 running "naked" is safer than genuine XP with a full suite of anti-virus software...
Change the habit of fighting against the user, and go and update your system diligently.