
Ask HN: How did WannaCry get onto computers? - remx
After the recent so called &#x27;cyber attacks&#x27; of WannaCry, I was careful to update any Windows machine I have and install things like EMET and MalwareBytes on them. I switched to Linux years ago because I&#x27;ve heard nothing but bad news concerning Windows, but one thing struck me about the WannaCry infections: I heard the attackers used an exploit pulled from the recent ShadowBrokers leak, something related to &#x27;SMB&#x27;. A few questions:<p>Explain it to me like I&#x27;m five please<p>1.) What is SMB? And is it easy to remove from systems by simply uninstalling it (like I have done[0])?<p>2.) Does WannaCry just land on a machine through a simple point-and-click exploit? Do they just enter a vulnerable IP address and they can plant the exploit on the machine and run it?<p>3.) I am aware that it also gets onto machines by people randomly clicking on shady e-mail attachments, but I am very curious about how it simply lands on computers with very little or no user stupidity at all?<p>[0] I uninstalled SMB by going to &gt; Add or remove programs &gt; Remove windows features
======
celticninja
Initially the software will have been emailed to a user, once they open it it
can use the worm effect to infect all other machines on a network. It takes
one person to open the software, however it seems that they sent it to lots of
addresses and so you only need one weak point(person) on a network and voila
it can spread itself.

