
   alt.os.windows-xp      One of my personal favourites!      146,966 messages   


   Message 146,881 of 146,966   
   Paul to Steve Hayes   
   Re: DIRECT LINK: Windows XP SP3 WanaCry/   
   14 May 17 11:17:38   
   
   XPost: alt.comp.os.windows-xp, microsoft.public.windowsxp.general   
   From: nospam@needed.invalid   
      
   Steve Hayes wrote:   
   > On Sun, 14 May 2017 01:59:21 -0400, Paul    
   > wrote:   
   >   
   >> This one can be delivered in two stages:   
   >>   
   >> 1) Real threat arrives as an email attachment.   
   >>    Employee clicks attachment. Weapon is armed.   
   >>   
   >> 2) Now, the malware is inside the network, on the LAN   
   >>    side of the router. Port 445 is open on other machines   
   >>    on the LAN, allowing a worm-like attack. So now it   
   >>    spreads to all your machines, like it was Sality.   
   >>   
   >>    This threat really isn't all that much different than   
   >>    some other Ransomware, which can encrypt any file shares   
   >>    that it can discover. Existing Ransomware could do a lot   
   >>    of damage in any case. The new vector will just be   
   >>    doing a much-more-complete exploitation. You still   
   >>    have to do (1) to let them in.   
   >>   
   >> If you are the sole occupant of your home LAN, and   
   >> have half-a-clue about email attachments, your risk   
   >> is low. And the NAT IPV4 router you use with your broadband   
   >> connection should be enough.   
   >   
   >   
   > Thanks for that.   
   >   
   > None of the articles I've read said how it was delivered, and someone   
   > in a comment on Facebook said it was not delivered by e-mail   
   > attachment but by a backdoor.   
      
   Well, it has to get *in* somehow. And most people, by "luck"   
   will not have port 445 facing outwards. If you were doing   
   that, something probably would have happened to you over   
   the years anyway.   
      
   Even the router itself is not bulletproof. At one point,   
   there was an exploit that affected 70 different models of   
   home routers. The reason for that, is the firmware used   
   was written by one company, so the same bug was present   
   across a broad range of products. Your router is a   
   computer too, and the quality of the code running in   
   there is just as important.   
      
   *******   
      
   A buddy at work one day, comes running over to my desk at   
   about 4PM in the afternoon and says "hey, I'm on someone's   
   hard drive [on the Internet], I can see all their   
   files and their email - should I email them a warning?". Now,   
   the first question that comes to mind is "what the hell have   
   you been doing?". Since I don't have time on a given day,   
   to discover what my fellow monkeys are up to, I had   
   no trouble answering "yes, of course, email them and   
   tell them to fix it". Was it a honey pot ? My guess is,   
   it's someone just as stupid as my buddy :-) So if   
   you did connect your PC directly to the ADSL modem   
   (no router), and then shared C: to "Everyone", that's   
   what happens. If that machine was still operational today,   
   somewhere on the Internet, it probably has a Ransomware dialog   
   on the screen.   
      
       Paul   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
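
Added example, not part of Paul's post: a self-audit of the port 445 exposure discussed above. It parses `netstat -an` output from your own machine and reports whether the SMB listener is bound only to LAN addresses (the NAT-router case) or to a publicly routable one (the PC wired straight to the ADSL modem). The function names and sample data are constructed for illustration; 203.0.113.5 is a documentation address standing in for an ISP-assigned public IP.

```python
import ipaddress

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
# Ranges that are not routed on the Internet (RFC 1918, link-local, IPv6 ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Constructed sample of Windows `netstat -an` output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.30:445       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def smb_listeners(netstat_text):
    """Return (bind_address, port) for each TCP socket LISTENING on an SMB port."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips headers, UDP rows and outbound connections to :445
        addr, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in SMB_PORTS:
            found.append((addr.strip("[]"), int(port)))
    return found

def exposure(netstat_text, interface_addrs):
    """Classify SMB reachability as 'none', 'lan' or 'internet'."""
    nics = [ipaddress.ip_address(a) for a in interface_addrs]
    reachable = set()
    for addr, _port in smb_listeners(netstat_text):
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified:  # 0.0.0.0 or :: binds every interface of that family
            reachable.update(n for n in nics if n.version == ip.version)
        else:
            reachable.add(ip)
    reachable = {ip for ip in reachable if not ip.is_loopback}
    if not reachable:
        return "none"
    on_lan = all(any(ip in net for net in LAN_NETS) for ip in reachable)
    return "lan" if on_lan else "internet"

if __name__ == "__main__":
    print(exposure(SAMPLE_NETSTAT, ["192.168.1.20"]))  # behind a NAT router
    print(exposure(SAMPLE_NETSTAT, ["203.0.113.5"]))   # PC wired straight to the modem
```

The result reflects only what the sockets are bound to: a host firewall can still block an "internet" listener, and a port forward on the router can expose a "lan" one.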



(c) 1994,  bbs@darkrealms.ca