5Beans6

Wanna Cry and Virtual Machine


Posted · Original PosterOP

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?


System: Ryzen 5 2600 @ 3.9 GHz, 32Gb Corsair Vengeance LPX DDR4 2666MHz RAM, Gigabyte Windforce GTX 960,

Asus ROG Strix B450-F Gaming, 500GB Samsung M.2 SSD, 1Tb HDD, 120GB Kingston SSD

 

My Youtube Channel: https://www.youtube.com/channel/UCwwukmZmlCEyRLI_eB1fhJw?&ab_channel=BellPoductions

Link to post
1 minute ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

Just install the patch and disable SMB V1


Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Windows 10 Pro X64 |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)

Link to post
2 minutes ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

Is your PC up to date and on Windows 10? If it is, then you have nothing to worry about.

Link to post

It's Windows-only ransomware. Just make sure you have your host Windows OS patched up to the latest updates, and you shouldn't worry.

Link to post

If you're on Windows 10, you're most likely fine. If you're not on Windows 10 but installed the patch, you're fine. If you're not on Windows 10, not patched, but SMBv1 is disabled, you're probably fine.

 

If you're not on Windows at all and you're in Linux you won't have any problems at all.

Link to post
2 minutes ago, 5Beans6 said:

I was thinking about using a VM with Oracle Virtual Box to run my web browser in for the next little while while this Wanna Cry virus is going around. But since the vulnerability that it takes advantage of is network based, does this mean that it will still infect my PC, as the VM has to run through the NIC of my PC?

From my understanding, you don't even need the web browser to get infected, as the exploit used is a flaw at the OS level - having an internet connection is enough to be at risk if your router firewall somehow screws up.

But the other thing I read over and over is that you are totally safe as long as your Windows is up to date.

Link to post
2 minutes ago, CerberusLabrat said:

If you're on Windows 10, you're fine.  If you're not on Windows 10 but installed the patch, you're fine.  If you're not on Windows 10, not patched, but SMBv1 is disabled, you're probably fine.

 

If you're not on Windows at all and you're in Linux you won't have any problems at all.

Incorrect, if you've got the Creators Update then you're fine, otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.


Link to post
Posted · Original PosterOP · Best Answer

Ok thanks everyone! Just wanted to be safe, ya know :)


Link to post
1 minute ago, Master Disaster said:

Incorrect, if you've got the Creators Update then you're fine, otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.

No, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.


If I helped, hit the thumbs up icon below my post and pick it as 'Best Answer'

Resident living meme - I swear a lot; if you don't like it fuck off :^)

  My specs and shit down below.

Spoiler

Apollo: i5 4670K @ 4.6Ghz, Corsair H100i, MSI Z87I, EVGA GTX 1070 SC ACX3, Corsair 250D, 840 EVO 120GB, 1TB Seagate Barracuda, SeaSonic 520W PSU. Planned upgrades: 16GB RAM, 480/512GB SSD, new HDD

Sputnik: HP EliteBook 2570p, i5-3360M, 16GB DDR3, 256GB 840 EVO - Running Win10/Sierra dual-boot.  Future upgrades: i7-quad

Comet (home server): Atom D2500, 4GB 1066Mhz RAM, 2 x 320GB HDDs, 350W PSU, HAF-Stacker ITX, dual GbE. Cost me $80. back from the dead (mobo failure) bois

Spoiler

Main peripherals

- Corsair Strafe RGB MX Reds

- SteelSeries Siberia 650

- SteelSeries QcK+ CS:GO Camo 

- SteelSeries QcK+ Na'Vi Splash (Secondary pad, used for second rig)

- SteelSeries Rival 700

- SteelSeries Rival 300 (Secondary mouse, used for second rig)

 

 

 

Link to post
3 minutes ago, Master Disaster said:

Incorrect, if you've got the Creators Update then you're fine, otherwise there is a separate patch needed to secure Windows 10 just like every other Windows version.

Unless you've been screwing around with the settings and enabled SMBv1 for some unholy and unseen reason and disabled updates...

Link to post
2 minutes ago, Droidbot said:

No, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.

Oh I'm fully aware of that but the fact remains that Windows 10 pre Creators Update requires a patch to fix the EternalBlue exploit.

 

The person I responded to suggested that having Windows 10 was all you needed to be secured which is incorrect otherwise the patch wouldn't exist.


Link to post
6 minutes ago, CerberusLabrat said:

Unless you've been screwing around with the settings and enabled SMBv1 for some unholy and unseen reason and disabled updates...

Neither of my parents' laptops nor my mum's office PC have received the Creators Update from WU yet; all are set to receive updates automatically.


Link to post
10 hours ago, Droidbot said:

No, the exploit targets a flaw in SMBv1, which is disabled by default on Windows 10.

As far as I know, this is not true. SMBv1 was not disabled on my Windows 10 Pro computer (clean install just a few months ago, not an update) and it is not disabled on the Windows 10 LTSB computer I have sitting next to me.

Both of them had SMBv1 turned on by default.

 

I don't have any clean Windows server install, but I think that SMBv1 is disabled by default on that. That's the server OS though and not the client version.

Link to post
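
Whether SMBv1 is actually on for a given install, the point disputed in the posts above, can be checked directly on the machine. The following is an added example, not code from any poster in this thread; the function name `Get-Smb1Status` and its output property names are made up for illustration. It only reads settings, and it should be run from an elevated PowerShell prompt.

```powershell
# Added example: read-only audit of SMBv1 on the local Windows machine.
# Get-Smb1Status and its property names are hypothetical, chosen for this example.
function Get-Smb1Status {
    [CmdletBinding()]
    param()

    # Server side: does this machine accept inbound SMBv1 sessions?
    $server = $null
    try { $server = (Get-SmbServerConfiguration -ErrorAction Stop).EnableSMB1Protocol }
    catch { Write-Verbose "Get-SmbServerConfiguration failed: $_" }

    # Optional feature: is the SMBv1 component installed and enabled?
    # (This query needs an elevated prompt.)
    $feature = $null
    try {
        $feature = (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop).State
    } catch { Write-Verbose "SMB1Protocol feature query failed: $_" }

    # Client side: the SMBv1 redirector driver. A Start value of 4 means disabled.
    $clientStart = $null
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    if (Test-Path $key) {
        $clientStart = (Get-ItemProperty -Path $key -Name Start -ErrorAction SilentlyContinue).Start
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $server
        Smb1FeatureState  = $feature
        ClientDriverStart = $clientStart
        Smb1Enabled       = ($server -eq $true) -or ("$feature" -eq 'Enabled')
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($status.Smb1Enabled) {
    # Print the remediation commands instead of running them, so the audit stays read-only.
    Write-Warning 'SMBv1 is still enabled on this machine. To turn it off:'
    Write-Host '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    Write-Host '  Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart'
}
```

Disabling the optional feature takes effect after a reboot. Turning SMBv1 off does not replace installing the patch.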
1 hour ago, LAwLz said:

As far as I know, this is not true. SMBv1 was not disabled on my Windows 10 Pro computer (clean install just a few months ago, not an update) and it is not disabled on the Windows 10 LTSB computer I have sitting next to me.

Both of them had SMBv1 turned on by default.

 

I don't have any clean Windows server install, but I think that SMBv1 is disabled by default on that. That's the server OS though and not the client version.

Sorry - I am incorrect. It is not disabled on Windows 10 by default, but the code is built to infect Win7/Win8/.1 and Server 2008R2/2012/R2 and not Windows 10, and doesn't work on Windows 10 at all according to MS. Sauce

 

 


Link to post
20 minutes ago, Droidbot said:

Sorry - I am incorrect. It is not disabled on Windows 10 by default, but the code is built to infect Win7/Win8/.1 and Server 2008R2/2012/R2 and not Windows 10, and doesn't work on Windows 10 at all according to MS. Sauce

Interesting, but knowing Microsoft's history I would not be surprised if that's just a lie to make more people move to Windows 10.

I have a Windows 10 computer that hasn't been updated in over a year. Maybe I should get it infected on purpose and see if it works.

Link to post
13 hours ago, mrzoltowski said:

It's Windows-only ransomware. Just make sure you have your host Windows OS patched up to the latest updates, and you shouldn't worry.

If you're running WINE or anything similar on Linux distros, you can get it there too. 


USEFUL LINKS:

PSU Whitelist | PSU Tier List F@H stats

Link to post
1 minute ago, TheRandomness said:

If you're running WINE or anything similar on Linux distros, you can get it there too. 

If you tarnish Linux with anything Windows related you're asking for trouble :)

Link to post
1 minute ago, TheRandomness said:

How else would you run most games that aren't Linux-compatible without dual-booting Windows?

I was just kidding :) 

 

Although I would have thought Linux users are much more security conscious/aware and have a certain user maturity, and would therefore have the latest patches of everything.

Link to post
5 minutes ago, mrzoltowski said:

I was just kidding :) 

 

Although I would have thought Linux users are much more security conscious/aware and have a certain user maturity, and would therefore have the latest patches of everything.

Tell that to my school, where we have a public-facing web server still running Ubuntu 10.04 :dry:


Link to post
4 minutes ago, Droidbot said:

Tell that to my school, where we have a public-facing web server still running Ubuntu 10.04 :dry:

Yeah public sector organisations tend to have strange IT departments. The NHS in England runs Windows XP :/

Link to post

The patch doesn't stop you getting infected if you get tricked into running the virus from an email or something.

The Windows patch just stops your computer being infected automatically by another infected computer on the same LAN.

Remember guys, protection and be careful sticking any unknown programs into your computer.

Link to post
5 hours ago, TheRandomness said:

If you're running WINE or anything similar on Linux distros, you can get it there too. 

WINE doesn't use Windows SMB modules, even if you're using Windows DLLs, so you can't get infected with Wannacry via WINE. The only way to infect a computer via WINE would be to manually download and run the worm's payload, and even then I'm not sure if it would actually work.

Link to post
Just now, Sniperfox47 said:

WINE doesn't use Windows SMB modules, even if you're using Windows DLLs, so you can't get infected with Wannacry via WINE. The only way to infect a computer via WINE would be to manually download and run the worm's payload, and even then I'm not sure if it would actually work.

Well, TPCSC on YouTube did exactly that, and they did explain how it could run with programs/things like WINE installed.


Link to post