Hackers Are Trying to Reignite WannaCry With Nonstop Botnet Attacks

WIRED | 5/19/2017 | Andy Greenberg
ziggy1023 (Posted by) Level 3
Click For Photo: https://www.wired.com/wp-content/uploads/2017/05/WannaCry_HP-97228717-1200x630.jpg




OVER THE PAST year, two digital disasters have rocked the internet. The botnet known as Mirai knocked a swath of major sites off the web last September, including Spotify, Reddit, and The New York Times. And over the past week, the WannaCry ransomware outbreak crippled systems ranging from health care to transportation in 150 countries before it an unlikely “kill-switch” in its code shut it down.

Now a few devious hackers appear to be trying to combine those two internet plagues: They’re using their own copycats of the Mirai botnet to attack WannaCry’s kill-switch. So far, researchers have managed to fight off the attacks. But in the unlikely event that the hackers succeed, the ransomware could once again start spreading unabated.

WannaCry - Ransomware - Worm - Internet - Friday

Since the WannaCry ransomware worm began to fan out through the internet Friday, security researchers noticed a curious feature. When it infects a computer, it first reaches out to a certain random-looking web address, apparently as part of a check that it’s not running in a “sandbox” environment, which security researchers use to test malware samples safely. If WannaCry connects to a valid server at that specified domain, the ransomware assumes it’s under scrutiny, and goes dormant.

Marcus Hutchins, a 22-year-old cybersecurity analyst for the security firm Kryptos Logic, spotted that trait last week, and immediately registered the web domain in WannaCry’s code. In doing so, he effectively neutered the malware, cutting short what would have otherwise been a far worse epidemic, and instantly becoming a minor celebrity in cybersecurity circles.

Hackers - Armies - Zombie - Devices—webcams - Modems

Since then, hackers have directed armies of zombie devices—webcams, modems, and other gadgets caught up in the expansive Mirai botnet—to funnel junk traffic to the kill-switch web address, also called a “sinkhole,” a site security researchers direct malware to in order to contain it. The presumed intention? Knock the domain offline, trigger...
(Excerpt) Read more at: WIRED
10 other people are viewing this story
Wake Up To Breaking News!
It just doesn't get bettere than this...
Sign In or Register to comment.