The Story Behind the WannaCry Heroes

SUMMARY

Two researchers successfully halted the spread of the WannaCry malware by registering its command and control server domain, effectively creating a "kill switch." Despite facing DDoS attacks from the Mirai botnet and pressure from journalists, their continuous monitoring of the domain was crucial in preventing further infections. The discussion highlights the ongoing battle between cybersecurity defenders and attackers, likening it to a game of rugby where control of the "ball" shifts between parties. The narrative suggests cinematic potential, emphasizing the heroism and challenges faced by those combating digital threats.


Two researchers tracking the spread of the WannaCry malware register its command and control server domain and stop WannaCry in its tracks.

The sinkhole that saved the internet
http://flip.it/rEjmXF
Fascinating. Thanks for posting.
What got me about this story is that even while these two guys are holding onto the domain there's another entity trying to bring it down via DDOS and then there are yet other friendly entities who provide technical support and equipment to keep it up but the whole effort still relies on these two guys watching the domain server day and night.

Lastly, there's the journalists, driven to get their story, trying to DOX the heroes and in doing so almost scuttling the effort of keeping up the domain server.

And through all that there are still machines infected with the virus ready to encrypt once the domain falls.

I feel there's a real movie potential here. Good guys, bad guys, digital chase scenes ala Wargames and a good guy with a checkered past.

Then after all is said and done the hero gets arrested for things he did in his teen years where he likely honed his hacking skills, skills he needed to fight this world wide menace.

So epic!
 
jedishrfu said:
I feel there's a real movie potential here. Good guys, bad guys, digital chase scenes ala Wargames and a good guy with a checkered past.
How sad that Mad Magazine is gone. Their Spy Versus Spy column fit this theme perfectly.


The take away lesson is that the Spy Versus Spy struggle never ends.
There's a kind of Rugby nature behind this. I get the ball and run a bit before I stumble and drop the ball. Someone takes the ball and continues running while we chase trying to get it back.

In the end the guy with the ball wins or is winning until he/she too drops the ball and someone else picks it.
 
@jedishrfu I am not into too much of these hacking technologies, so can you answer a few questions?

What is meant by "registering the domain"?

And what is the "kill switch"? The article said that botnet Mirai tried to bring down the kill switch by attacking it with excess web traffic. How does this kill switch work?
 
Wrichik Basu said:
@jedishrfu I am not into too much of these hacking technologies, so can you answer a few questions?

What is meant by "registering the domain"?

And what is the "kill switch"? The article said that botnet Mirai tried to bring down the kill switch by attacking it with excess web traffic. How does this kill switch work?
The virus does an HTTP GET to iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com/ and exits if any reply comes back. See https://blog.talosintelligence.com/2017/05/wannacry.html
This might have been done to prevent execution of the worm in a sandbox, which might reply to any domain contacted from within the sandbox. If you register the domain, DNS servers on the internet will give the IP address(es) for your server(s) to any computer that tries to look up the above domain name. If you then make sure there's an HTTP server with that IP address, the virus will get an answer, and exit and not propagate.
 
willem2 said:
prevent execution of the worm in a sandbox

Also you can inoculate your own and other friendly networks from the threat.

BoB
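The two posts above describe the mechanism (infected hosts look up the kill-switch domain, and any HTTP answer stops the worm) and the defensive angle (a friendly network can answer that lookup itself). The following is an added example, not code from this thread or from the Talos write-up, showing what a defender can do with that knowledge: scan resolver query logs for hosts that looked up the kill-switch domain (each one is a machine that ran the worm, even if the sinkhole then halted it) and emit the local resolver record that "inoculates" a network by pointing the domain at an internal web server. The log lines are constructed for the example in a BIND-style query-log format, and the inoculation record assumes an unbound resolver with its `local-data:` directive; the sinkhole address 10.0.0.9 is made up.

```python
import re
from collections import Counter
from typing import Iterable, List, Tuple

# Kill-switch domain named in the Talos write-up linked in the thread.
KILL_SWITCH_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines (BIND-style query log); not real traffic.
SAMPLE_DNS_LOG = """\
13-May-2017 07:22:01.101 client 10.0.0.5#51234: query: www.example.org IN A + (10.0.0.2)
13-May-2017 07:22:03.417 client 10.0.0.17#49202: query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.2)
13-May-2017 07:22:03.905 client 10.0.0.17#49203: query: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.COM IN A + (10.0.0.2)
13-May-2017 07:22:09.330 client 10.0.0.42#55000: query: iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com IN A + (10.0.0.2)
13-May-2017 07:22:15.002 client 10.0.0.5#51240: query: updates.example.net IN A + (10.0.0.2)
"""

# One BIND query-log entry: "client <ip>#<port>: query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"client (?P<ip>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<type>\S+)"
)


def parse_query_log(lines: Iterable[str]):
    """Yield (client_ip, queried_name, record_type) for each parseable line.

    Names are lower-cased and stripped of a trailing dot so that case or
    FQDN-dot variations of the same lookup compare equal.
    """
    for line in lines:
        m = QUERY_RE.search(line)
        if m:
            yield m["ip"], m["name"].lower().rstrip("."), m["type"]


def hosts_querying(domain: str, lines: Iterable[str]) -> Counter:
    """Count how often each client asked for `domain`."""
    wanted = domain.lower().rstrip(".")
    counts: Counter = Counter()
    for ip, name, _rtype in parse_query_log(lines):
        if name == wanted:
            counts[ip] += 1
    return counts


def triage(domain: str, lines: Iterable[str]) -> List[Tuple[str, int]]:
    """Sorted (client_ip, lookup_count) list of hosts that resolved the domain.

    A host on this list executed the worm's kill-switch check; it should be
    isolated and patched even though the sinkhole answer stopped propagation.
    """
    return sorted(hosts_querying(domain, lines).items())


def unbound_inoculation_record(domain: str, sinkhole_ip: str) -> str:
    """Resolver record that makes an internal web server answer the lookup.

    Format follows unbound's local-data directive; the sinkhole IP is an
    assumed internal address that must run an HTTP listener returning any
    response at all.
    """
    return f'local-data: "{domain.rstrip(".")}. A {sinkhole_ip}"'


if __name__ == "__main__":
    for ip, n in triage(KILL_SWITCH_DOMAIN, SAMPLE_DNS_LOG.splitlines()):
        print(f"{ip} looked up the kill-switch domain {n} time(s)")
    print(unbound_inoculation_record(KILL_SWITCH_DOMAIN, "10.0.0.9"))
```

Running it over the constructed log flags 10.0.0.17 (twice, once with the name upper-cased) and 10.0.0.42, while 10.0.0.5 never queried the domain. The inoculation record only helps if the address it points at really answers HTTP, which is the same condition willem2 describes for the public sinkhole.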