Академический Документы
Профессиональный Документы
Культура Документы
• Attack vectors:
• Dropper trojan in infected attachment
• Exploitation of SMB “Eternal Blue” vulnerability in unpatched Windows
machines
Key aspects (2)
• Its worm capabilities are based on publicly available exploit code for
the patched SMB “Eternal Blue” vulnerability, in the form of a
specially crafted packet sent to an SMBv1 server
• Disable SMBv1
• https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-
disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-
windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012