It has been a few days since the world has been impacted by WannaCry.
People thought that it is all over. Unfortunately, this is far from the truth.
The kill switch that was found on the hard code of the infection is just the beginning. It just slowed down the infection rate.
Multiple security researchers and companies have claimed that there is more than one version of the WannaCry malware. Some have different kill-switch domains and some have have no kill switch at all.
Infection rate is still rising but possibly at a stunted rate. It leverages a Windows SMB exploit to remotely target a computer running on un-patched or unsupported versions of Windows.
hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com
The domain listed above is responsible for keeping WannaCry from spreading like a worm. It is clearly defined in its code that if the connection to this domain fails, the SMB worm proceeds to infect computer systems all around the world.
Fortunately, MalwareTech registered this domain in question and created a sinkhole – tactic researchers use to redirect traffic from the infected machines to a self-controlled system.
Malware security researcher Matthieu Suiche has confirmed that he has found a new WannaCry variant with a different domain for kill-switch function, which he registered to redirect it to a sinkhole in an effort to slows down the infections.
People think that discovering the kill-switch has stopped the infection, we are all mistaken.
They would just utilize a different mode of spreading. One of which is via email, torrents and other vectors.
Some researchers such as Raiu from Kaspersky labs have found samples of the WannaCry variant that has no kill-switch and it is totally scary and is believed to be made by some other person or group.
Expect a new surge of attack of this WannaCry variants in the near future until all systems have been patched.
The worm functionality attempts to infect un-patched Windows systems all over the world by running a massive scanning of internet based IP and try to infect un-patched systems.
It is advised that computer users install the latest patch for Microsoft Windows to block this from spreading. The patch has been available for download for a few months now, people just ignore them.
It also helps updating your anti-virus and anti-malware programs to minimize risk of getting infected. They might be able to deter unknown risks like this from spreading so please practice good judgment and install windows updates as per recommended by Microsoft.
