A 41-character .com domain was key to bringing down a malware campaign.
A ransomware attack based on an NSA tool spread like wildfire yesterday…until a researcher spent ten bucks to register a domain name.
A malware researcher discovered an unregistered domain name in the malware's code and registered it. Malware frequently points to unregistered domain names that it cycles through over time.
But in this case something weird happened when the domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com was registered. The malware stopped working.
So a $10 domain registration took down a nasty malware campaign for now.
While some people are calling this a “kill switch”, the unnamed researcher who registered the domain thinks it was actually inserted into the code to prevent further analysis of the malware when it is run in a sandbox environment.
The good news is the domain name registration halted the current campaign. The bad news is that someone will just change the code and start spreading it again. This means it’s imperative that owners of older Windows-based machines patch them immediately.
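For defenders, the domain check described above doubles as an indicator: any host that looks up the domain is running the malware, and the answer it received shows whether the check stopped it. The triage below is an added example, not code from the researcher or the malware; the log format, client addresses and function names are assumptions, and it assumes the check is visible as a DNS lookup that lets the malware continue when it fails.

```python
from collections import defaultdict

# Domain quoted in the article; a lookup for it marks a host running the malware.
CHECK_DOMAIN = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample log in an assumed format: "<time> <client-ip> <qname> <rcode>".
SAMPLE_LOG = """\
09:14:02 10.0.4.17 www.example.com. NOERROR
09:14:05 10.0.4.17 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com. NXDOMAIN
09:20:41 10.0.7.88 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
09:21:10 10.0.4.17 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NOERROR
09:30:00 10.0.9.3 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. SERVFAIL
malformed line
"""


def is_check_domain(qname):
    """Match the domain or any subdomain, ignoring case and a trailing dot."""
    name = qname.rstrip(".").lower()
    return name == CHECK_DOMAIN or name.endswith("." + CHECK_DOMAIN)


def triage(log_text):
    """Return {client_ip: status} for every client that queried the check domain.

    "halted_by_check": every lookup resolved, so the check should have stopped it.
    "payload_may_have_run": at least one lookup failed, so the malware may have
    continued at that moment. Both statuses mean the host needs cleanup.
    """
    seen = defaultdict(lambda: {"resolved": 0, "failed": 0})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        _time, client, qname, rcode = fields
        if not is_check_domain(qname):
            continue
        key = "resolved" if rcode.upper() == "NOERROR" else "failed"
        seen[client][key] += 1
    return {
        client: "payload_may_have_run" if counts["failed"] else "halted_by_check"
        for client, counts in seen.items()
    }


if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

By the article's account the malware stops only once the domain resolves, so a DNS filter that answers NXDOMAIN for it would put every infected host in the failed state.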