As I wrote yesterday, lots of businesses around the world got hit by a piece of ransomware that exploits a Windows Server Message Block (SMB) bug to spread automatically through networks. Microsoft patched this flaw two months ago, and the company has now made the unusual decision to issue the update for unsupported versions of Windows as well, to help stop the spread of the Wcry worm (aka WannaCry and Wana Decrypt0r).
Although Windows XP reached the end of its life over three years ago, Microsoft just rolled out the MS17-010 patch for it. Other unsupported versions of Windows, like Windows 8 and Windows Server 2003, also received the patch.
"Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download," Microsoft said in a statement. "This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind."
Researchers believe that Wana Decrypt0r — also referenced online as WCry, WannaCry, WannaCrypt, and WanaCrypt0r — infected over 78,000 computers.
Interestingly, the Wcry outbreak was stopped yesterday evening when a security researcher from MalwareTech discovered a domain name inside the code of the worm. The domain name was not registered, so the researcher decided to register it (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) to see what would happen.
Much to his surprise, he had accidentally stumbled upon a kill switch. The worm makes a pre-infection check to the domain and stops the infection process if the domain exists. Nice job!
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
However, this is just a temporary fix: by changing a couple of lines of code, the attacker can create a new strain of the worm. The only solution is to ensure your system or systems are fully patched.
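Because the worm looks up the kill-switch domain before infecting, DNS query logs show which internal hosts have run it and need triage and patching. The following is an added example, not code from the original article: it scans constructed log lines in dnsmasq query-log style (the format, client addresses and function names are assumptions) for lookups of the domain quoted above.

```python
import re

# Kill-switch domain quoted in the article. A new strain can use a different
# one, so the watch list is a parameter rather than a constant in the logic.
KILL_SWITCH_DOMAINS = {"iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"}

# Constructed sample lines in dnsmasq query-log style (not real traffic).
SAMPLE_LOG = """\
May 13 09:14:02 dnsmasq[812]: query[A] www.example.org from 10.0.4.17
May 13 09:14:05 dnsmasq[812]: query[A] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.4.23
May 13 09:14:05 dnsmasq[812]: reply iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is 192.0.2.10
May 13 09:15:40 dnsmasq[812]: query[A] WWW.IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM. from 10.0.4.23
May 13 09:16:11 dnsmasq[812]: query[AAAA] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.example.net from 10.0.4.31
May 13 09:17:30 dnsmasq[812]: query[A] iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com from 10.0.7.9
"""

# Timestamp, queried name and client address of a dnsmasq "query[...]" line.
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?query\[\w+\]\s(?P<name>\S+)\sfrom\s(?P<client>\S+)$"
)


def is_watched(name, domains):
    """True for a watched domain or a subdomain of it (case and trailing dot ignored)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def find_kill_switch_lookups(log_text, domains=KILL_SWITCH_DOMAINS):
    """Map each client IP to the timestamps of its lookups of a watched domain."""
    hits = {}
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        # Reply lines and look-alike names that merely start with the domain are skipped.
        if m and is_watched(m["name"], domains):
            hits.setdefault(m["client"], []).append(m["ts"])
    return hits


if __name__ == "__main__":
    for client, stamps in sorted(find_kill_switch_lookups(SAMPLE_LOG).items()):
        print(f"{client}: {len(stamps)} lookup(s), first at {stamps[0]}")
```

A host that appears in the result has executed the pre-infection check, so it should be isolated and patched with MS17-010 even though the registered domain stopped that run from proceeding.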