
Ask HN: I must be missing something about WannaCry etc. - oferzelig
I understand that the massive WannaCry propagation is thanks to unpatched Windows systems such that, once the malware is inside a given computer, it spreads across the LAN that computer is part of.<p>But as for the initial &quot;infection&quot;, it&#x27;s caused by merely opening a dodgy email attachment. In which case it&#x27;s no different than any other crap one gets to their computer by recklessly opening attachments.<p>So what&#x27;s so unique about this one that makes it spread so widely?
======
cbhl
1) Protocols that are designed for LANs are often exposed to the public
Internet. This means that it can spread from one LAN to another by scanning
the entire public IP address range for the vulnerable service. This happened
in 2003 with the Blaster worm.
[https://en.wikipedia.org/wiki/Blaster_(computer_worm)](https://en.wikipedia.org/wiki/Blaster_\(computer_worm\))

2) LANs can be very big (thousands of computers) and span multiple buildings
or cities, and many LANs only have firewalls at the "border" with the Internet
(instead of per-machine). Windows machines in particular, tend to have shared
network drives (CIFS or SMB) enabled so you can log into any computer and
continue working (and to avoid viruses spread by floppies and USB keys).

------
tekni5
If you have open ports and SMBv1 is unpatched/enabled, I believe you can
randomly get from a random scan of your ip by the worm.

