A 41-character .com domain was key to bringing down a malware campaign.
A ransomware attack based on an NSA tool spread like wildfire yesterday…until a researcher spent ten bucks to register a domain name.
A malware researcher discovered an unregistered domain name in the code of the malware and registered the domain name. Malware frequently points to unregistered domain names that it cycles through over time.
But in this case something weird happened when the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com was registered. The malware stopped working.
So a $10 domain registration took down a nasty malware campaign for now.
While some people are calling this a “kill switch”, the unnamed researcher who registered the domain thinks it was actually inserted into the code to prevent further analysis of the malware if it was being analyzed in a sandbox environment.
The good news is the domain name registration halted the current campaign. The bad news is that someone will just change the code and start spreading it again. This means it’s imperative that owners of older Windows-based machines patch them immediately.
© DomainNameWire.com 2017. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact copyright (at) domainnamewire.com.
Latest domain news at DNW.com: Domain Name Wire.
The post Domain registration halts spread of WannaCry malware…for now appeared first on Domain Name Wire | Domain Name News & Views.
No related posts.
Go to Source
Author: Andrew Allemann