The expert added that the standard model was to search for expired command and control (C2) domains belonging to botnets, register them, and point them at sinkholes (servers the researchers control, which capture traffic from infected machines rather than letting it reach the attackers).
This allows them to gather data on the geographic distribution and scale of the attack, which can then be used to protect users and inform authorities.
It is also standard practice to reverse engineer the code to check for vulnerabilities that could potentially be used to take over the malware and the botnet via a registered domain.
The researcher said it took a while for them to realise the botnet had been disabled, but doesn’t believe this was a deliberate killswitch. Instead, they speculated it was designed to stop the malware functioning in a testing environment so further analysis could not be performed.
Microsoft ended formal support for Windows XP in 2014 but several organisations have paid for extended updates because of their reliance on the aging and increasingly insecure platform.
The NHS was one of these organisations, signing a one-year extension in 2014. However, this was not renewed in 2015, and a possible attack has long been mooted. Indeed, according to NHS Digital as many as five percent of NHS devices run Windows XP.
Microsoft rushed out an emergency patch for unsupported systems including Windows XP, a step which it admitted was unusual. The SMB vulnerability in question was fixed in March for supported versions of Windows, but it appears the update was not applied in many parts of the NHS, while the lack of support for Windows XP meant those systems were left vulnerable.
The fallout from the debacle will reopen many arguments – not least investment in cybersecurity, funding for the health service and the ongoing threat of ransomware – but MalwareTech is adamant that another assault could be on the way – as early as Monday.
All the attackers have to do to make the botnet a threat again is release a variant that checks a different domain. So, the advice is simple: patch now. And probably stop using Windows XP.
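The domain check described above, why an analysis sandbox would trip it, what a sinkhole operator learns from the connections it receives, and why a variant with a new domain runs again until that domain is also registered, as an added Python simulation. This is not code from the article or from MalwareTech: the domain names, IP addresses and country codes are constructed, and the sandbox model assumes an analysis environment whose fake DNS answers every query.

```python
"""Simulation of a DNS-based kill switch, sinkholing, and why a sandbox
trips the check.  Constructed example: domains, IPs and countries are made up."""
from collections import Counter
from dataclasses import dataclass, field


class RealDns:
    """Models the public DNS: only registered names resolve."""

    def __init__(self, registered=None):
        self.registered = set(registered or ())

    def resolves(self, name):
        return name in self.registered


class SandboxDns:
    """Models an analysis sandbox whose fake DNS answers every query so the
    sample talks to a local listener.  From the sample's point of view every
    domain therefore looks registered, and a domain check always 'succeeds'."""

    def resolves(self, name):
        return True


@dataclass
class Sinkhole:
    """Registers the check domain and records every connection it receives."""
    dns: RealDns
    domain: str
    hits: list = field(default_factory=list)

    def register(self):
        self.dns.registered.add(self.domain)

    def record(self, src_ip, country):
        self.hits.append((src_ip, country))

    def summary(self):
        """Scale (distinct sources) and geographic distribution of the infection."""
        return {
            "unique_sources": len({ip for ip, _ in self.hits}),
            "by_country": dict(Counter(country for _, country in self.hits)),
        }


def sample_would_run(check_domain, dns):
    """The kill-switch logic: the sample halts if its check domain resolves.
    Returns True when the sample would proceed to spread and encrypt."""
    return not dns.resolves(check_domain)


def scenario():
    dns = RealDns()
    domain_v1 = "example-check-v1.invalid"  # hypothetical, not the real domain
    results = {}

    # 1. Domain unregistered: the sample runs on a normal network.
    results["before_sinkhole"] = sample_would_run(domain_v1, dns)

    # 2. A researcher registers it and points it at a sinkhole: the sample halts.
    sink = Sinkhole(dns, domain_v1)
    sink.register()
    results["after_sinkhole"] = sample_would_run(domain_v1, dns)

    # Infected machines still resolve the name and connect to the sinkhole,
    # which is what yields the distribution data.  Constructed hits:
    for ip, cc in [("203.0.113.5", "GB"), ("203.0.113.9", "GB"),
                   ("198.51.100.7", "ES"), ("203.0.113.5", "GB")]:
        sink.record(ip, cc)
    results["sinkhole_summary"] = sink.summary()

    # 3. Inside a sandbox everything resolves, so the sample halts even though
    #    nobody has registered the domain: the anti-analysis reading of the check.
    results["in_sandbox"] = sample_would_run(domain_v1, SandboxDns())

    # 4. A rebuilt sample with a new check domain runs again until that
    #    domain is registered too.
    domain_v2 = "example-check-v2.invalid"  # hypothetical
    results["new_variant"] = sample_would_run(domain_v2, dns)
    return results


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The point a practitioner should take from the simulation is that the sample cannot tell a sinkhole from a sandbox: both make the check domain resolve, so the same code path that made it a useful kill switch for defenders is consistent with the anti-analysis purpose the researcher suspected. Registering the domain only neutralises samples that carry that exact name.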