Leaked NSA Malware Threatens Windows Users Around the World

[Blah]

https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

Quote

Leaked NSA Malware Threatens Windows Users Around the World

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.

The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running version of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.

The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of agency’s Tailored Access Operations group to more easily infect a target from their desk.

etc etc

 

 

[evlncrn8]

except it doesnt really as microsoft already patched it... 

[Loki]

Bit of a wake up call (if they needed another one) to companies still using old versions though.

I still see people using XP on professional laptops which is utterly mind boggling.

[Nemo]

they are mostly netbios(137,138,139), smb exploits(445).. so what i've never had those ports open or active.. wait for the rpcss.dll aka port 135 exploits.. all this crap is really old and these methods have been known about for a long time just never patched.. it really isn't anything new to the old schoolers rpc now there's the next set of fixme's

[Techlord]

It's a known fact that at almost any given point of time, there are at least 4-6 high-level exploits for Windows (recent versions) that are being traded for huge sums of money in the underground forums. By the time they are made public and patches are released for them, those exploits would have already been used for approx an year at least

For example, the "Heartbleed" exploit and several other such exploits were already being sold for sums of around USD 60K for almost an year, before they were made public. In fact they started to "leak" it out when no one was willing to buy them any further for large sums of money.

9 hours ago, Loki said:

Bit of a wake up call (if they needed another one) to companies still using old versions though.

I still see people using XP on professional laptops which is utterly mind boggling.

Nearly all of the exploits require the user's computer to be "listening" on certain ports. So most of them are of interest only to servers. Otherwise, most exploits require the user to execute the application locally.

While I agree fully that the best option would be to upgrade one's OS and apply the latest patches. it would not be wholly wrong to say that a properly configured XP Box is still quite secure, even in the present day, especially if its not used as server.

 

8 hours ago, Nemo said:

wait for the rpcss.dll aka port 135 exploits.. all this crap is really old and these methods have been known about for a long time just never patched

Yes, once no one wants to pay huge sums anymore for those exploits, even the more recent ones (not made public so far) would be released as a free for all

 

[Nemo]

well there is other countries with the same tools being created don't be naive believeing it's only us.. i'm sure australia, russia, china and even third world countries have exactly the same capabilities and unknown unpatched exploits.. Just other countries hide it better.. lol

[Techlord]

It's a known fact that many other countries including the UK etc do survellance in a similar manner.

It's just that the US gets a lot of exposure mainly for political reasons.