The registration of the “garbage” domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com quite possibly saved lives, after a botnet attack spreading malware, targeted a variety of healthcare facilities, seeking ransom.
Named WannaCry, the malware infects vulnerable Windows machines, encrypts their content and then demands $300 dollars in Bitcoin in order to decrypt the files.
Inside the malware was hard-coded the domain listed above, designed by its creator to act as a kill-switch on demand.
There was one slight problem: that domain was not registered.
A security expert and operator of MalwareTech.com saw the opportunity to register it, and was thus able to stop the spreading and payload update capabilities of the WannaCry malware.
WannaCry affected hospitals and healthcare facilities in the UK and Russia, causing havoc. By stumping the capabilities of WannaCry, the domain’s registrant quite possibly saved lives.
According to the MalwareTech analyst:
“I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox the malware exits to prevent further analysis. This technique isn’t unprecedented and is actually used by the Necurs trojan (they will query 5 totally random domains and if they all return the same IP, it will exit); however, because WannaCrypt used a single hardcoded domain, my registartion of it caused all infections globally to believe they were inside a sandbox and exit…thus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware. Of course now that we are aware of this, we will continue to host the domain to prevent any further infections from this sample.”
Meanwhile, the domain WannaCry.com has just been registered by an unrelated party.
Hat tip: Dale.
I just checked, a bunch of typos, of that domain, still available.
Don W – It can most definitely get fat-fingered.
Why don’t you create protecting software …..
And you can earn money from that…
Great domain gang…. Please choose this way.. 😎😎😎