05-20-2017 , 10:32 PM
http://support.eset.com/alert6442/#eternalblue
ESET Stops WannaCryptor, WannaCry and EternalBlue. Use our free tool to make sure Windows vulnerabilities are patched
Alert ID: ALERT6442|Document ID: 24125|Last Revised: May 19, 2017
ESET detects and blocks this threat and its variants (such as WannaCryptor.D). ESET identifies this threat as Filecoder.WannaCryptor.
On systems not protected by ESET, a Windows exploit called EternalBlue can be used to introduce WannaCryptor. We strongly recommend that you follow the suggestions below to ensure the highest level of security on your computer:
Make sure that ESET Live Grid is enabled in your ESET product.
Make sure that your ESET software is upgraded to the latest version and running the most up-to-date detection engine.
Follow the steps in the section below to make sure your system is patched against the EternalBlue exploit.
Make sure your system is patched against the EternalBlue exploit
ESET has released a free tool to help determine whether your Windows machine is patched against EternalBlue.
Follow the steps below to check your system for vulnerabilities using the ESET EternalBlue Checker:
Download the installer file for the tool below:
https://help.eset.com/eset_tools/ESETEte...hecker.exe
Double-click the installer file to run the tool.
If the tool finds a vulnerability in your system due to missing Microsoft patches, "Your computer is vulnerable" will be displayed.
Figure 1-1
Press any key to open the Microsoft Windows update page. Click Microsoft Update Catalog in the Method 2: Microsoft Update Catalog section.
Figure 1-2
On the Microsoft Update Catalog page, find your operating system in the Products column and click the Download button next to your system.
Figure 1-3
Click the link in the Download window to download the security update for your system.
Figure 1-4
After the security update has been installed, restart your computer.
After the computer has restarted, run ESETEternalBlueChecker.exe again to verify that the security update installed correctly and your system is no longer at risk. If the security update was installed correctly, "Your computer is safe, Microsoft security update is already installed" will be displayed.
Figure 1-5
Warn colleagues who frequently receive emails from external sources – for instance financial departments or Human Resources.
Regularly back up your data. In the event of infection, this will help you recover all data. Do not leave external storage used for backups connected to your computer to eliminate the risk of infecting your backups. If your system requires Windows Updates to receive the patch for this exploit, create new backups after applying the patch.
Disable or restrict Remote Desktop Protocol (RDP) access (see Remote Desktop Protocol best practices against attacks).
Disable macros in Microsoft Office.
If you are using Windows XP, disable SMBv1.
For more detailed information about how you can use ESET to protect your systems from ransomware infections, see the following Knowledgebase article:
Best practices to protect against Filecoder (ransomware) malware
https://www.virustotal.com/en/file/07931.../analysis/
SHA256: 07931b94e7fc5e3fdb0b451cea72a68436952b59a68b4a627c30412a28ce233f
File name: ESETEternalBlueChecker.exe
Detection ratio: 0 / 57
Analysis date: 2017-05-20 19:16:55 UTC ( 2 hours, 7 minutes ago )
Copyright
Copyright © ESET, spol. s r.o. 1992-2017. All rights reserved.
Product ESET CVE-2017-0144 vulnerability checker
Original name ESETEternalBlueChecker.exe
Internal name ESETEternalBlueChecker
File version 1.0.0.1
Description ESET CVE-2017-0144 vulnerability checker
Signature verification Signed file, verified signature
Signing date 11:35 AM 5/19/2017
Signers
[+] ESET
[+] VeriSign Class 3 Code Signing 2010 CA
[+] VeriSign
Counter signers
[+] Symantec Time Stamping Services Signer - G4
[+] Symantec Time Stamping Services CA - G2
[+] Thawte Timestamping CA
VirusTotal metadata
First submission 2017-05-19 13:34:31 UTC ( 1 day, 7 hours ago )
Last submission 2017-05-20 19:16:55 UTC ( 2 hours, 7 minutes ago )
File names ESETEternalBlueChecker
ESETEternalBlueChecker v1.0.0.1.exe
ESETEternalBlueChecker.exe
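Before double-clicking the downloaded checker, its SHA256 and Authenticode signature can be compared with the values in the VirusTotal report above. The PowerShell below is an added example, not part of the ESET alert or the original post; the download path, the function name Test-CheckerDownload and the loose "ESET" match on the signer subject are assumptions.

```powershell
# Added example: verify ESETEternalBlueChecker.exe before running it.
# The expected hash is the SHA256 listed in the VirusTotal report on this page
# (file version 1.0.0.1); a later build of the tool will have a different hash.
$ExpectedSha256 = '07931b94e7fc5e3fdb0b451cea72a68436952b59a68b4a627c30412a28ce233f'

# Assumed download location; adjust to where the browser saved the file.
$Download = Join-Path $env:USERPROFILE 'Downloads\ESETEternalBlueChecker.exe'

function Test-CheckerDownload {
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [string] $ExpectedHash
    )

    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        throw "File not found: $FilePath"
    }

    # Hash of the bytes on disk, compared case-insensitively.
    $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash

    # Authenticode status: 'Valid' means the signature chains to a trusted
    # root and the file has not been modified since it was signed.
    $sig    = Get-AuthenticodeSignature -LiteralPath $FilePath
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        File         = $FilePath
        Sha256       = $hash.ToLowerInvariant()
        HashMatches  = ($hash -ieq $ExpectedHash)
        SigStatus    = $sig.Status
        Signer       = $signer
        # Loose check (assumption): the report lists the signer only as "ESET".
        SignerIsEset = ($sig.Status -eq 'Valid' -and $signer -like '*ESET*')
    }
}

$result = Test-CheckerDownload -FilePath $Download -ExpectedHash $ExpectedSha256
$result | Format-List

if (-not $result.SignerIsEset) {
    Write-Warning 'Signature is missing, invalid, or not from ESET. Do not run the file.'
} elseif (-not $result.HashMatches) {
    Write-Warning 'Validly signed, but not the build analysed in the report above.'
}
```

A hash mismatch with a valid ESET signature usually means a newer build of the tool; a missing or invalid signature means the file should not be run.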