XPost: alt.comp.os.windows-xp, microsoft.public.windowsxp.general   
   From: hayesstw@telkomsa.net   
      
   On Sun, 14 May 2017 01:59:21 -0400, Paul    
   wrote:   
      
   >This one can be delivered in two stages:   
   >   
   >1) Real threat arrives as an email attachment.   
   >    Employee clicks attachment. Weapon is armed.   
   >   
   >2) Now, the malware is inside the network, on the LAN   
   >    side of the router. Port 445 is open on other machines   
   >    on the LAN, allowing a worm-like attack. So now it   
   >    spreads to all your machines, like it was Sality.   
   >   
   >    This threat really isn't all that much different than   
   >    some other Ransomware, which can encrypt any file shares   
   >    that it can discover. Existing Ransomware could do a lot   
   >    of damage in any case. The new vector will just be   
   >    doing a much-more-complete exploitation. You still   
   >    have to do (1) to let them in.   
   >   
   >If you are the sole occupant of your home LAN, and   
   >have half-a-clue about email attachments, your risk   
   >is low. And the NAT IPV4 router you use with your broadband   
   >connection should be enough.   
      
      
   Thanks for that.   
      
   None of the articles I've read said how it was delivered, and someone   
   in a comment on Facebook said it was not delivbered by e-mail   
   attachment but by a backdoor.   
      
      
   --   
   Steve Hayes   
   http://www.khanya.org.za/stevesig.htm   
   http://khanya.wordpress.com   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)