Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • The Shadow Brokers, in new taunt, threaten to release even more NSA sourced malware

    This topic contains 33 replies, has 18 voices, and was last updated by  anonymous 5 months ago.

    • Author
    • #115640 Reply

      Da Boss

      If you thought WannaCry was bad, you ain’t seen nothin’ yet. Post coming in InfoWorld.
      [See the full post at: The Shadow Brokers, in new taunt, threaten to release even more NSA sourced malware]

      3 users thanked author for this post.
    • #115659 Reply

      AskWoody Lounger

      Which of these is the worst part?

      1. That the NSA had such stuff going on.
      2. That the NSA, of all groups, got hacked.
      3. That a group of sociopathic individuals like the Shadow Brokers (never mind hackers and virus programmers in general) exists in the first place

      Fortran, C++, R, Python, Java, Matlab, HTML, CSS, etc.... coding is fun!
      A weatherman that can code

      2 users thanked author for this post.
      • #115956 Reply

        AskWoody MVP

        Which of these is the worst part?

        I think 1 is the worst. Our government shouldn’t be spying on us. We supposedly don’t live in a police state.

    • #115656 Reply


      I’m glad that it’s a source of fake news reporting this tripe, looks like they got bored with blaming Russia


    • #115661 Reply

      AskWoody Lounger

      Linux year coming finally? 😉

      MSI H110 PC MATE * Intel Core i5-6402P * 2 x 8 GB Corsair Vengeance LPX DDR4 2133 MHz * Gigabyte GeForce GTX 1050 Ti D5 4G * Samsung 840 EVO 250GB SSD * Western Digital Blue 1TB HDD * Seagate Barracuda 1TB HDD * DVD RW Lite-ON iHAS 124 * Creative X-Fi XtremeGamer PCI * Windows 8.1 Pro 64-bit + Windows 10 Mobile 1607 (Lumia 735)
      • #115737 Reply


        Linux has landed!  Old but quite serviceable x86 and x64 systems that came with Vista have now been updated to dual boot with Linux.  I had already updated the x86 system when the breaking news of Nvidia driver kernel mode vulnerabilities (for which updates do not exist) became known.  And now the specter of more malware exploits courtesy of Shadow Brokers is looming.  Enough is enough. I finished my backups this morning, and now all my systems run Linux.

        1 user thanked author for this post.
    • #115669 Reply

      Jan K.
      AskWoody Lounger

      Isn’t it a (surprisingly?) small number of users, that was hit by wannacry?

      200.000 is what I last saw, but compared to a win7 user base of.. what? 500.000.000?

      Anyway, I’m prepared for anything anyone can come up with, so bring it on! 😀

      • #115680 Reply


        @ Jan K

        When the NHS in the UK got hit by the WannaCry ransomware on Friday, 12 May 2017, hundreds of sick patients could not get proper care, eg their Dr appointments, surgeries, etc had to be postponed.

        As reported by Europol, “only” 200,000 computers worldwide, many in Europe, got hit because a very concerned Englishman/security-Pro accidentally chanced upon a kill-switch that immediately neutralized the WannaCry ransomware, thus sparing most of USA and the Americas, which are about 8 hours behind UK time, from being hit or becoming the next victims.
        . . Imagine the scenario if there was no kill-switch.

        4 users thanked author for this post.
        • #115858 Reply


          Yes, and we may never know all the trauma and potential tragedies caused by that. Big players fight it out, and small people get hurt.

          Big lesson: These institutions need to have knowledge about vulnerable ports and protocols.

        • #115897 Reply

          Noel Carboni
          AskWoody MVP

          sparing most of USA and the Americas, which are about 8 hours behind UK time, from being hit or becoming the next victims.

          Three words: Wake up call!

          But don’t you just know that there will be some new malware that hits hundreds of thousands of people in the future?

          People somehow never really seem to learn anything, especially from other people’s trauma.


          2 users thanked author for this post.
          • #115913 Reply

            AskWoody Lounger

            Remember Melissa? ILOVEYOU?  Nimda?  Slammer? MyDoom?  etc etc etc.  In light of some of those, this current crop was amazingly constrained . . . at least so far.  I am still convinced that this was a “small” (and accidentally released) test for something far bigger.


            1 user thanked author for this post.
      • #115782 Reply

        lurks about
        AskWoody Lounger

        What is more worrisome is there appears to be more where WannaCry came from. Also, right now Windows appears to be the only target but it is unknown what is available for MacOS, iOS, Android, and Linux. For Windows users, it looks like a rough few weeks are shaping up and just because one missed the first rounds does not mean a later one will not nail you. For users of other OSes do not assume you are invulnerable and be wary. The media may not mention if other OSes are being hit at the same time.

      • #115806 Reply

        AskWoody Lounger

        @Jan_K yeah you have a point there, it’s a small number of users, but I wonder how many “Suffered in silence” i.e. restored from backup or even formatted and reinstalled?
        I am still hazy about what would be the best recovery option. Normally periodically I will SYSPREP and save to a .wim file (yeah not ideal but shortens the recovery process) and generally using the option “compression:recovery” (same as ESD) saves space; it’s generally an overnight affair. I have yet to see the malware that corrupts .wim or .esd files but I just know someone’s going to prove me wrong lol 😉

      • #115890 Reply

        AskWoody Lounger

        AV software from several vendors was able to prevent infections. For example, Symantec reports that their products were blocking on average roughly 200000 infections per hour over the three day period. I haven’t checked to see what other AV vendors have reported.

        • #115899 Reply

          Noel Carboni
          AskWoody MVP

          Anyone serious about security needs to ask:

          Why did 200,000 people per hour do something that led to their last line of defense having to block an infection?

          Did they open an eMail attachment? Did they allow Windows Networking to reach the wild Internet? Did they download and indiscriminately run an executable? Did they click through a UAC prompt?

          Can we presume they were doofus-level employees of a megalithic company with lousy IT practices and out-of-date systems? Home users who think they know better but really don’t? Kids? Someone tired and not thinking as clearly as they can being duped by an almost legitimate-looking eMail?

          The first thing that comes to my mind as a root cause is a general lack of education / awareness about good computing practices, coupled with a false sense of security. But that’s just a guess.

          What we REALLY need to know in order to learn from this experience are real answers to my bolded question above.


          • #115918 Reply

            AskWoody Lounger

            Several analysts have come to the conclusion that this worm might have actually spread without any user-interaction at all, other than a lack of being current on security patches for Windows.

            I am leaning that way myself – we picked up four two new clients this week that got infected and we cannot find any trace of an email attachment in any of their inboxes that can be blamed. Nor can we find any trace of a particular web address that someone visited during the initial infection time.

            What we DID find in both cases?  RDP port 3389 was left open on their firewall – intentionally.  We have no proof that this port was somehow used to get to SMB but I am beginning to suspect something in this direction.  And this would not be the first time that this particular port has caused problems.  It should never – ever – be open on a firewall to the Internet.

            Edit:  Make that four new clients – I just checked my voice mail.  Geesh.  I hate virus outbreaks, but dang – they can be good for business.  Talk about a mixed up world.

            1 user thanked author for this post.
    • #115673 Reply

      AskWoody Lounger

      It really seems to be the ‘perfect storm’ for MS…lots of anger and frustration over forced 10 upgrades, sabotaged updates for 7/8.1, concern over updates going forward, and now this. Somewhere Linus Torvalds and Tim Cook are probably having tea, both of them smiling ear to ear at the implosion of the once mighty MS, and also at the ego, knowing that nothing will be done to Satnad & Co. as long as the profits are high because “who cares”.

      • #115783 Reply

        lurks about
        AskWoody Lounger

        It depends on whether the ‘perfect storm’ continues for a while whether any major shifts will occur. One-and-done will not do much but several weeks of a continuous siege on Windows might make many reconsider their options. Right now, a few will ditch Windows, mostly those who were probably considering it anyway. But if this lasts a few weeks or months then all bets are off.

    • #115698 Reply

      AskWoody Lounger

      I wonder how many of us, whether in our corporate or personal lives, will truly learn the only really critical lesson to come from all this? Namely, that we all need to become a whole lot less dependent on computers in our everyday lives.

      3 users thanked author for this post.
      • #115713 Reply


        Exactly what I said. There is little realization how technology dependence dumbs us down  — in their wildest dreams didn’t they think that technology will make it so easy to manipulate, exploit and control the masses.

        And check this statement by MS guy responsible for 10 S:

        “In today’s world, Win32 has a lot of problems in terms of user confidence, privacy, battery life, etc. We don’t want to bring those problems into UWP but want to provide the functionality that the user wants – and make sure the user is in control at the same time.”

        Remember the corruption of language in 1984?

        Edit – please confine political comments to the Rants Forum


      • #115765 Reply


        Impossible. Mainly because we, y’know, live in the 21st century. It’d be like pre-enlightenment civilisation saying the Gutenberg press experiment has had its run but it’s giving the masses access to unprecedented knowledge so let’s go back to scribes. You can’t put the genie back in the bottle and nor do I want to really, that’d be burying your head in the sand. This might be the internet’s Rubicon moment and we’ll either strengthen our security and privacy or governments will double down on surveillance. Relying less on computers? That’s up to you but it’s not the answer and nor will it happen in my opinion.

        – T

        • #115847 Reply

          AskWoody Lounger

          It’s only impossible because it requires  collective action. But the reality is that there is practically no defense against these types of attack and technologism is just like all other isms — it self destructs.  They all peak and collapse.

          1 user thanked author for this post.
      • #115829 Reply

        AskWoody Lounger

        Think we need to be a bit more discerning about what we do with our computers and not be so gullible as some appear to be and accept every choice/option offered us without thinking it through. Actually that is the same in real life too. Just thinking! LT

        The day has eyes; the night has ears. — Scottish

        2 users thanked author for this post.
    • #115709 Reply


      You ain’t seen nothing yet are the exact words I used in an earlier thread.

      1 user thanked author for this post.
    • #115772 Reply


      Apple was probably right when they resisted developing a proprietary tool to hack iPhones for the FBI because they felt the tool would eventually get into the wild. Tim Cook was probably correct in his concern, especially since so many obvious warning signs were ignored in the case of the San Bernardino attack. I do not have a lot of confidence in the US government’s ability to protect digital data, especially after they lost all the federal personnel files in the hack of OPM.

      2 users thanked author for this post.
    • #115775 Reply


      Is it me or do those small manifestos read like Jar-Jar Binks is at a keyboard?

    • #115965 Reply

      Jan K.
      AskWoody Lounger

      With all the surveillance, snooping and what not by the world’s intelligence services I simply do not understand why they haven’t tracked down that group a.o. criminals?

      An article on this, Woody?

      Or any links, that can enlighten me?

      See, if I type the word “bomb”…

      Oops, gotta go. Someone is knocking on my door…

    • #116055 Reply

      AskWoody Lounger

      Thanks for the joke Anonymous! Tickled my sense of humour.

      Just a thought – Could “The Shadow Brokers” be Microsoft programmers trying to force all remaining Windows XP and Windows 7 users to upgrade?

      After all Microsoft “knew” about the flaw, which is why they released the patch!


      • #116060 Reply

        AskWoody MVP

        There has been much speculation, including on your theory. Only time will tell, and if anyone does know, they aren’t saying so now…

    • #116442 Reply

      AskWoody Lounger

      Linux year coming finally? 😉

      I don’t think so. If NSA doesn’t stop piling up vulnerabilities, Linux may have it the worst, since they can patch their systems (the compiler for Linux is publicly available, right?) and stay silent until a vulnerability is exploited (assuming that nobody notices them). I already have concerns with Linux and the recent kerfuffle is the icing on a really bad cake.

      • #116535 Reply


        I agree that GNU/Linux, FOSS by nature, is accessible to change by any entity, no matter what color hat they wear. The fact is, unless you have manufactured, literally by hand, your own machine, and never let it touch an exposed network, then there is *no* protected shelter anywhere. All of the learned opinions I read here discuss managing risk in the manner appropriate to their point of view.

        To my mind, under MSRedmond, a corporate entity of proven questionable character is my only hope to fix what has gone wrong in their proprietary world. But they host some of the software I *must* use. Hoops must be jumped through in just the right way, and the AskWoody team has the map.

        Alternatively, in the FOSS universe there is an ever growing contingent of coders, some of them very good, whose only goal is pride in a system that maintains operability no matter what. And hopefully earn enough to eat. Like the fantasy of utopia, it will never actually happen. But I like the mission statement better. If I did not require Win7 software to earn a living, my machines would not know Redmond existed.

        tl;dr\ Microsoft can be trusted to fix their stuff, their way. GNU/Linux can be repaired by anybody with the chops. Publicly available works for both sides.

        Hope this is allowed,
