Hacker News new | past | comments | ask | show | jobs | submit login

He found the address in the source code of the ransomware, any researcher could have found it. He even said himself that when he found it in the source code and saw it was unregistered he registered it to see what would happen. As it turned out it stopped infections from occurring.

Not to say that he isnt the malware writer but your use of quote marks makes me think you have no idea about what happened and havent looked into it, just made some "wild assumptions".




Pretty sure it was in disassembled machine code, not source code.


I have taken the liberty to download a sample of WannaCry and I can see the "killswitch" domain just running strings on the binary.

    $ strings Downloads/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c.bin |grep .com
   __p__commode
   http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: