The obvious news this week. In case you somehow missed it: a ransom worm was let loose on the world, infecting over 300.000 systems in a few days. This article provides a good overview of what happened.

The attack was based on an SMB exploit out of the NSA leaks. Microsoft had released a patch for this exploit in March, but not everyone had installed the update yet. Because of how serious this was Microsoft even released patches for Windows XP, Windows 8 and Windows Server 2003, which are in theory no longer supported.

A researcher by the alias of MalwareTech was able to effectively trigger a killswitch, stopping propagation of the worm. He writes his story here.
Thanks to MalwareTech we also have a live map of infections, which is just downright cool. And you can also see the total infection count up till now, 300.000 systems, right here.

Dieter Van der Stock

