Home | Community | Message Board

Cannabis Seeds Zamnesia
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post Pages: 1
Invisibletdubz
Male User Gallery


Registered: 02/26/12
Posts: 5,586
Leaked NSA Malware Threatens Windows Users Around The World
    #24247155 - 04/15/17 06:47 PM (6 years, 11 months ago)

https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/

The ShadowBrokers, an entity previously confirmed by The Intercept to have leaked authentic malware used by the NSA to attack computers around the world, today released another cache of what appears to be extremely potent (and previously unknown) software capable of breaking into systems running Windows. The software could give nearly anyone with sufficient technical knowledge the ability to wreak havoc on millions of Microsoft users.

The leak includes a litany of typically codenamed software “implants” with names like ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running version of the Windows operating system earlier than the most recent Windows 10. The vulnerable Windows versions ran more than 65 percent of desktop computers surfing the web last month, according to estimates from the tracking firm Net Market Share.

The crown jewel of the implant collection appears to be a program named FUZZBUNCH, which essentially automates the deployment of NSA malware, and would allow a member of agency’s Tailored Access Operations group to more easily infect a target from their desk.

According to security researcher and hacker Matthew Hickey, co-founder of Hacker House, the significance of what’s now publicly available, including “zero day” attacks on previously undisclosed vulnerabilities, cannot be overstated: “I don’t think I have ever seen so much exploits and 0day [exploits] released at one time in my entire life,” he told The Intercept via Twitter DM, “and I have been involved in computer hacking and security for 20 years.” Affected computers will remain vulnerable until Microsoft releases patches for the zero-day vulnerabilities and, more crucially, until their owners then apply those patches.

“This is as big as it gets,” Hickey said. “Nation-state attack tools are now in the hands of anyone who cares to download them…it’s literally a cyberweapon for hacking into computers…people will be using these attacks for years to come.”

Hickey provided The Intercept with a video of FUZZBUNCH being used to compromise a virtual computer running Windows Server 2008–an industry survey from 2016 cited this operating system as the most widely used of its kind.

Susan Hennessey, an editor at Lawfare and former NSA attorney, wrote on Twitter that the leak will cause “immense harm to both U.S. intel interests and public security simultaneously.”

A Microsoft spokesperson told The Intercept “We are reviewing the report and will take the necessary actions to protect our customers.” We asked Microsoft if the NSA at any point offered to provide information that would help protect Windows users from these attacks, given that the leak has been threatened since August 2016, to which they replied “our focus at this time is reviewing the current report.” The company later clarified that “At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.”

Update: April 15, 2017

Late Friday night, Microsoft published a blog post stating that after an analysis of the ShadowBrokers leak, it had determined that most of the vulnerabilities were patched in a series of Windows updates released in March — updates that security researchers who analyzed the NSA tools apparently neglected to install. This means the exploits in question were not in fact “zero days” and that anyone running the most recent updates on software still supported by Microsoft is safe from the ShadowBrokers arsenal. But the timing of the patch in question is interesting: If Microsoft truly did not receive any help from the NSA, as it claims, the fact that it fixed a litany of holes vulnerable to secret NSA tools exactly a month before those tools were made public is an amazingly fortunate coincidence (curiously, Microsoft skipped the usual acknowledgements section with the patch, which typically nods to how they were informed of the threats fixed in a given update). At any rate, this is certainly good news for Windows users who keep their computers up to date, good news for Microsoft, and still very bad news for the NSA.

Update: April 14, 2017
This post has been updated with an additional comment from Microsoft.

Extras: Filter Print Post Top
Jump to top Pages: 1


Similar ThreadsPosterViewsRepliesLast post
* Windows users, update your computers NOW riffic 1,045 3 02/11/04 02:40 PM
by MetaShroom
* X Windows Users! blink 881 10 11/22/04 09:11 PM
by AhronZombi
* free, open software for windows users wilshire 952 1 11/07/05 09:24 AM
by wilshire
* Yet Another Windows Security Flaw - More Serious Than Usual DiploidM 816 2 01/04/06 04:44 PM
by drtyfrnk
* Microsoft Says Recovery from Malware Becoming Impossible Vvellum 1,123 13 04/05/06 10:45 PM
by rawtoxic
* FTC: Windows feature is a backdoor for spam motamanM 1,271 7 11/12/03 07:34 AM
by T0aD
* Windows security mm. 1,836 1 06/01/01 06:08 PM
by Its Pat
* Yeah I use Windows...gotta problem with it? VoidOfsPg 1,000 6 10/16/05 06:01 PM
by ThePredator

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
248 topic views. 0 members, 2 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.024 seconds spending 0.007 seconds on 13 queries.