looks like the world is being attacked by a very serious Ransomware virus.

so far UK, US, China, Russia, Spain and many more data's being hold to Ransom. its called WannaCry. and affects windows computers.

The infections seem to be deployed via a worm - a program that spreads by itself between computers.

Most other malicious programmes rely on humans to spread by tricking them into clicking on an attachment harbouring the attack code.

By contrast, once WannaCry is inside an organisation it will hunt down vulnerable machines and infect them too.

Some experts say the attack may have been built to exploit a weakness in Microsoft systems that had been identified by the NSA and given the name EternalBlue.

http://www.bbc.co.uk/news/technology-39901382

 

[NintendU_the_great]

Are they using PCs suitable for the time period for Windows 2000 (like P3s etc), or are they somehow shoehorning Windows 2000 onto a modern Intel Core i5 system? (Which, incidentally, wouldn't be able to take advantage of more than two cores/threads because Windows 2000 didn't support multi-core licensing.)

they are using VERY old Thinkpads, and they have some (looks like 30 years old) servers in the back of their IT department, but we as students are not allowed to see them

--------------------- MERGED ---------------------------

"exactly."
With your 'sorry but u can get the virus on mac + linux too' line you were making it sound like it was just as easy to get infected with it on *nix lmao
And yeah, I'm typing this from a Linux distro.

reworded it
same, which distro?

Are they using PCs suitable for the time period for Windows 2000 (like P3s etc), or are they somehow shoehorning Windows 2000 onto a modern Intel Core i5 system? (Which, incidentally, wouldn't be able to take advantage of more than two cores/threads because Windows 2000 didn't support multi-core licensing.)

Either way, there's something seriously wrong here, and you should take it up with the school board, because Windows 2000 is susceptible to this ransomware worm and cannot be patched to prevent it.

well, we are not allowed to exactly go so in deep of their "IT room" to see their servers but form my observations they hvae few very old thinkpads and their servers look 10-20 years old.

I can't do shit about it, as they won't listen. they use Active Directory and just recently unforced us to use, as now their is a new windows only app for taking exam tests called Wizemen which, doesn't run on wine.

 

[Deleted User]

which distro?

Plebian Debian.

 

[NintendU_the_great]

Plebian Debian.

ohh. I use Ubuntu GNOME.
which WM/ DE?

 

[Deleted User]

ohh. I use Ubuntu GNOME.
which WM/ DE?

I've just been using Openbox since it's lightweight in comparison to the DEs I'd tried.

 

[grossaffe]

I've just been using Openbox since it's lightweight in comparison to the DEs I'd tried.

You're not using any DE with it, just straight up Openbox? What kind of specs does your machine have?

 

[Deleted User]

You're not using any DE with it, just straight up Openbox? What kind of specs does your machine have?

i5 + 16GB of RAM + Intel HD graphics. Performance-wise, the DEs I tried were fine, but they drained my laptop's battery pretty fast.

 

[grossaffe]

i5 + 16GB of RAM + Intel HD graphics. Performance-wise, the DEs I tried were fine, but they drained my laptop's battery pretty fast.

Which DEs did you try? I've never considered the battery aspect of a DE. Did you try XFCE and LXDE?

 

[Deleted User]

Which DEs did you try? I've never considered the battery aspect of a DE. Did you try XFCE and LXDE?

Cinnamon, GNOME, MATE and LXDE. LXDE was fine but I didn't like the file manager that it came with and how some programs here and there would open that one by default even if I had another one installed and set up so it was supposed to be used by default.

 

[grossaffe]

Cinnamon, GNOME, MATE and LXDE. LXDE was fine but I didn't like the file manager that it came with and how some programs here and there would open that one by default even if I had another one installed and set up so it was supposed to be used by default.

That's odd. LXDE itself shouldn't, I don't think, come with a file manager. Was it just that you installed Lubuntu and whichever other distros came with those DEs preinstalled?

What was the file manager you didn't like, and did you try purging it?

 

[Deleted User]

That's odd. LXDE itself shouldn't, I don't think, come with a file manager. Was it just that you installed Lubuntu and whichever other distros came with those DEs preinstalled?

What was the file manager you didn't like, and did you try purging it?

I might actually have been thinking of what happened with MATE, my memory kinda sucks. If it did come with a file manager, then I probably didn't bother to think of trying to remove it at all since the other DEs I've used rely somewhat on the file managers that they come with.

 

[NintendU_the_great]

I might actually have been thinking of what happened with MATE, my memory kinda sucks. If it did come with a file manager, then I probably didn't bother to think of trying to remove it at all since the other DEs I've used rely somewhat on the file managers that they come with.

did you try Enlightenment? did you try Mate 1.18?

i5 + 16GB of RAM + Intel HD graphics. Performance-wise, the DEs I tried were fine, but they drained my laptop's battery pretty fast.

did you try GNOME on Wayland? it is supposed to perform better than normal x11 in performance & power aspects.

 

[Deleted User]

did you try Enlightenment? did you try Mate 1.18?
did you try GNOME on Wayland? it is supposed to perform better than normal x11 in performance & power aspects.

Nope, I only tried what was the latest release of MATE at the time (which was a few months ago).

 

[Joom]

FYI sorry to burst your bubble but even Mac & Linux can get infected from the virus only if you do these things (which is virtually impossible for anyone with brains)
1. run wine with SUDO - NEVER DO THIS
2. PURPOSEFULLY DOWNLOAD AND RUN THE MALWARE (why would you do this)
3. ta da! only now, your home folder is encrypted, all your other system files are safe.

Actually, no, that's not how it'd work. Only the Wine prefix would be affected provided it'd even run. In this case it'd be "/root/.wine/dosdevices/c:@/Users/<username>" since in your scenario it was ran with sudo, but that's not necessary to execute malware. Anyway, no harm done whatsoever.

 

[NintendU_the_great]

Actually, no, that's not how it'd work. Only the Wine prefix would be affected provided it'd even run. In this case it'd be "/root/.wine/dosdevices/c:@/Users/<username>" since in your scenario it was ran with sudo, but that's not necessary to execute malware. Anyway, no harm done whatsoever.

this askubuntu post contradicts what you stated...
https://askubuntu.com/questions/914...ry-ransomwares-possible-impact-on-linux-users

 

[Joom]

this askubuntu post contradicts what you stated...
https://askubuntu.com/questions/914...ry-ransomwares-possible-impact-on-linux-users

The worst case scenario is that depending on the direct access wine has to your Ubuntu system, some or all parts of your home will be affected

He had those affected folders symlinked to his Wineprefix. Pretty easy to avoid.

 

[NintendU_the_great]

He had those affected folders symlinked to his Wineprefix. Pretty easy to avoid.

ohhh ! But can't one access their whole "/" drive from Wine without symlinking it??

 

[Joom]

ohhh ! But can't one access their whole "/" drive from Wine without symlinking it??

Windows malware can't because it treats the prefix as a Windows drive. It doesn't know it's being ran with Wine.

 

[NintendU_the_great]

Windows malware can't because it treats the prefix as a Windows drive. It doesn't know it's being ran with Wine.

wait, but i thought this malware affected all drives connected, and the "/" is available as a drive, right?

 

[Joom]

wait, but i thought this malware affected all drives connected, and the "/" is available as a drive, right?

No. The malware can't see anything above the emulated C: drive. Like I said, it doesn't know it's being ran through Wine. Wineprefixes are essentially sandboxes, and you can even have more than one with different architectures and Windows versions setup at the same time.

WINEARCH=win32 WINEPREFEX=$HOME/.wine32 winecfg

This will create a 32-bit prefix at ~/.wine32 and use it as its working directory.

 

[NintendU_the_great]

No. The malware can't see anything above the emulated C: drive. Like I said, it doesn't know it's being ran through Wine. Wineprefixes are essentially sandboxes, and you can even have more than one with different architectures and Windows versions setup at the same time.

WINEARCH=win32 WINEPREFEX=$HOME/.wine32 winecfg

This will create a 32-bit prefix at ~/.wine32 and use it as its working directory.

1. oh now I see, So if we on Windows keep all our data on another drive, then the ransomware is practically useless!?

2. i knew about wine prefixes already I spent 6 months on Arch, I learnt a lot xD