Re: News article about a "cyberattaque"

From: S Moonesamy <sm+mu_at_elandsys.com>
Date: Sun, 14 May 2017 11:49:11 -0700


Hi Logan,
At 10:46 14-05-2017, Loganaden Velvindron wrote:
>Thank you for the feedback on the article. By creating your own DNS
>record for the sinkhole within your enterprise network, you can easily
>spot infected Windows Virtual Machines, when your IT infrastructure
>has grown organically. Also, you don't need to depend on flaky ISP DNS
>servers which have had issues during the past month with slow DNS
>resolution.

The meaning of "enterprise network" in Mauritius is not the same as
its meaning in the United States. I don't think that the issue is
about "Windows Virtual Machines" or spotting infected Windows
computers. New variants of WannaCry were detected today. One of
those variants of WannaCry is using
ifferfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com as the domain name
for the "kill switch". That is a different domain name from the one
which was reported on 12 May. In my opinion it is not practical to
make a recommendation which companies in Mauritius won't be able to
implement unless they are actively tracking new variants of the ransomware.

>We both agree that the term "kill switch" is better instead of "bug".

Yes.

Regards,
S. Moonesamy
Received on Sun May 14 2017 - 18:50:10 PST

This archive was generated by hypermail 2.3.0 : Sun May 14 2017 - 18:54:00 PST