news Hero halts malware by registering a domain name

Amazing.

'Accidental hero' finds kill switch to stop spread of ransomware cyber-attack...
The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The kill switch was hardcoded into the malware in case the creator wanted to stop it spreading. This involved a very long nonsensical domain name that the malware makes a request to – just as if it was looking up any website – and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. The domain cost $10.69 and was immediately registering thousands of connections every second.
https://www.theguardian.com/technol...tch-to-stop-spread-of-ransomware-cyber-attack
 
Seen this on reddit's front page, awesome...country I live in was also very affected by this stupid ransomware.
 
Has this been mentioned elsewhere? I see wannacry.com was registered in February 2017. If it's not connected I wouldn't like to be the holder.
 
If only he was a domainer and an NP member. . . That would be soooo dreamy <3

Then NP would get brief media coverage.

And our auctions would get 1000x bids

And then domaining would have a +rep

Also, did anyone else notice he spent $10.xx on the reggae? This dude definitely isn't a domainer. He didn't even bother to sign up with GD and get it for $1? or at /least/ use namesilo @ $8?

But it could be worse -- he could've just paid $15 for it @ GD normal prices like I did for some of mine </3
 
Wow... How did the big security companies not see this first?

Thinking as they should one of the first things they would do is look at what traffic a specific virus or piece of malware may transmit. If they were to see the domain it was trying to contact did not exist - how did they not register it out of curiosity to see what information it is trying to transfer or what the purpose of trying to lookup/connect to that domain had?

I guess they need to hire this kid... and they probably will. But honestly, someone in the industry should have been way ahead of that.
 
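The check the post above describes (watching what a sample looks up and noticing that the name does not exist) can be run over resolver logs. This is an added example, not part of the thread; the log format, the thresholds and the sample names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 qzvkxjwpbmtrhfydlgcnsaeouiqzxvkwjpbm.example NXDOMAIN
10.0.0.9 qzvkxjwpbmtrhfydlgcnsaeouiqzxvkwjpbm.example NXDOMAIN
10.0.0.7 mail.example.org NOERROR
10.0.0.7 tpyo-of-a-site.example NXDOMAIN
10.0.0.12 qzvkxjwpbmtrhfydlgcnsaeouiqzxvkwjpbm.example NXDOMAIN
"""

def shannon_entropy(label):
    """Bits per character; random-looking labels score high."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def suspicious_unregistered(log_text, min_len=20, min_entropy=3.5, min_clients=2):
    """Map each long, random-looking NXDOMAIN name to the clients that asked for it."""
    clients = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN":  # the name does not resolve
            clients[name.lower().rstrip(".")].add(client)
    findings = {}
    for name in sorted(clients):
        label = name.split(".")[0]  # leftmost label carries the garbled string
        if (len(label) >= min_len
                and shannon_entropy(label) >= min_entropy
                and len(clients[name]) >= min_clients):
            findings[name] = sorted(clients[name])
    return findings

if __name__ == "__main__":
    for name, hosts in suspicious_unregistered(SAMPLE_LOG).items():
        print(f"{name}: queried by {len(hosts)} hosts: {', '.join(hosts)}")
```

Names flagged this way are candidates for analysis of the sample that requests them; a single mistyped hostname from one client stays below the thresholds.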
Saw an article on it today but saw it on np first

But I reckon it is database and or search engine based eg it was a domain name this time but I reckon it could or has been an unused profile username that has not been registered yet and or an unregistered email address etc as by default it can never be registered even with privacy etc

I reckon it will always be unregistered and can work in any database and or search engine and as most websites have a search box on their website etc its opportunities are endless

Purely my opinion as database and search engines, sequences and patterns etc are an interest of mine

But because it is not trackable as it will never be registered etc which by default makes it trackable etc
 
Generally they don't put a "kill switch" in them, so it was an oddity. But yea. Someone could use any number of methods for a kill switch, and in reality none of them would be too trackable as you can register a domain or get a social profile handle without too much hassle with untraceable payment info and proxy/vpn IP.

I will never understand why people do these sorts of things, but it remains a fact there are ******** that make a point to profit off of us, or just hassle us.

I still say props to the kid that found that switch, but shame on Microsoft and the other security companies for not finding it at its first appearance.
 
"Accidental" hero does not seem the correct term. He is a real, intentional hero.
 
Ah never mind. I guess I should've read the article first. He didn't know that registering that domain would act as a killswitch. He only knew the domain was mentioned in the code and was unregistered. So... I guess accidental works.
 
Should've been a domainer that did this . . . Perfect fit. Especially if it was anil.
 

I reckon by that lad paying £8 for a domain he has kept a lot of people in jobs whose jobs would have come under pressure as they are paid big money to know how to prevent their IT systems from such things had that domain not been bought

He has probably saved those affected $billions I'd have thought over time and the big companies would have had no choice but to throw big money at the best in the business to find something that this lad found on his day off

Shame he never made a video of it and explained what was happening before during and after buying the domain lol

It's the sort of thing that would make a great film
 
not sure why @Premiums felt the need to publish the domain name here?

Cheers
Corey
 
Accident or not, I should hope this individual gets their due rewards !

Think outside the box !
 
if he joins NP, instant VIP status. Also a legendary section will be opened called: "Legendary Domain Registrations: Discussion About Domain Registrations Other Than For Selling. (Saving the world, etc.)"

New Badge too: Hero Domainer
 
I haven't heard about this so thank you for the information. The country where I stay was affected by the WannaCry virus.
 
Marcus Hutchins AKA MalwareTech AKA the hero who stopped the WannaCry ransomware virus by registering a domain was recently arrested in Las Vegas (Def Con) on hacking charges (not related to WannaCry)

http://www.nydailynews.com/newswire...rrested-u-s-hacking-charges-article-1.3382599

I wonder, if he's convicted, how will a judge determine if he's a detriment to society? ie He saved the cyber world from WannaCry after his alleged current hacking crimes. One could argue, if he didn't have a hacking past, he might not have figured out how to disarm WannaCry. Is this hero a menace to society? This shall be interesting.
 
An indictment filed in a U.S. District Court in Wisconsin accused Hutchins, also known online as "MalwareTech," of advertising, distributing and profiting from malware code known as "Kronos" that stole online banking credentials and credit card data. Hutchins' alleged activity took place between July 2014 and July 2015, according to the indictment.
 