January 11, 2021

Sinkholing WannaCry

Recently watched a short documentary on WannaCry and Marcus Hutchins. When he ran its code in quarantine, he noticed it was querying a URL. He then noticed the domain wasn't registered, and did so himself, thereby sinkholing traffic destined for the C&C server. My question is, if the domain wasn't registered to begin with, how was the traffic from infected devices reaching the C&C servers? Was the virus also locally modifying the hosts file?
