"The answer to your question can't be publicly posted due to concerns of the malware being reused..."

The best thing you possibly could do is make this available to the public so it can be dissected by the international community, then dealt with and mitigated against by the international community. Otherwise you're putting it in the hands of one agency or another, and who knows what their motives may be. It should be public domain, not black box, closed up like the Intel ME, so people can't do anything about it but a few big agencies who specialize in this kind of activity more than anyone else to begin with. Once you involve the feds they might put you under a gag order. Put it out there before it's too late. Giving this to an agency that is being sued by a man who was nearly killed by ISIS members who were under the direction of the FBI, not to mention all of the false flag events they've been engaged in, as well as unlawful spying which they are currently under investigation for by the White House, another criminal gang, this is the last group on earth I'd think about giving this to. Not saying they're all bad, but giving it exclusively to the FBI is like keeping Intel ME closed sourced and away from the public eye.

"Perhaps this was a dry run on a non-critical target(s) to test the malware by a state actor?"

My thoughts as well. Then why give it exclusively to a state actor? They could have been the ones testing it for all we know. Give it to the anti-virus vendors everywhere, give it to the public, allow it to be dissected and revealed so it can be better understood and thus prevented.
Some security tips:

First and foremost, get a router capable of running dnscrypt; dnscrypt ensures you cannot be man-in-the-middled via DNS, thwarting all DNS poisoning attempts so long as the DNS server in use is not compromised or 'owned', so to speak. It would most likely have to be owned, because the gigabytes or terabytes of simple daily DNS traffic are too much to be analyzed on a compromised machine run by someone like you or I with cheap independent open DNS servers. You can also get a Windows version called simple-dnscrypt. This alone will enhance your online security immeasurably. Dnscrypt can also disable IPv6 queries, which can be used to exfiltrate data; disable all reverse DNS and arpa requests via dnsmasq by adding "server=/arpa/" and "bogus-priv" to dnsmasq.conf.

I just bought an Asuswrt, flashed it with Merlin, though just a few days ago, after exposing a possible Israeli false flag event on the newly moved US embassy right on Israel's own military counter-intelligence website (debkafile), my firewall on the router itself was disabled that night; thankfully nothing can be persistent on this device, a re-flash cleans that up easily.

Turris Omnia is by far the fastest and safest consumer router ever made, both open source software and hardware, entirely crowd funded by people like you and I, though I'm not familiar with their DNS resolver (knot-resolver); I believe it is DNS over TLS exclusively, which is not something I'm familiar with, and I am not sure if it offers the same high level of security and features as dnscrypt. But all in all, the Turris is the best in the industry, possibly the world. Make sure you use an adblocker / malware host blocker on your router; the FireHOL level 1/2/3 lists catch all botnets and infected IPs reported around the world in realtime and everything is updated every 36 minutes; you can put it on a cron job to keep it up-to-date.
It takes a lot of work to harden a Windows system.

Use this guide, it's one of the best. You'll want to harden the system via GPO with a fine-tooth comb after running Security Compliance Manager or Microsoft Security Compliance Toolkit 1.0. Harden your cipher suites with IISCrypto; disable weak ciphers, anything less than TLS 1.2. Enable strict TLS 1.2 DHE 256 on IIS, Windows Update and CryptoAPI; here is my automated reg file designed for Windows 7, which should be compatible with 10. Just do a restore if need be, or use this reg file that will do that for you. Or here is a cutting edge cipher hardening PowerShell script for Windows 10, not as hardened as my file but it's still infinitely more secure than the default.

Harden Kerberos ciphers:
https://pastebin.com/nhMji0mE

Harden Microsoft trusted root CA:
https://pastebin.com/0CjP826f

Harden Oracle OpenJDK Java ciphers & sandboxing via "java config". Harden and remove weak ciphers from browsers. Update to the latest WinRM/PowerShell:
https://blogs.msdn.microsoft.com/po...indows-management-framework-wmf-5-1-released/ (possibly only necessary in Windows 7)

And harden PowerShell: disable PowerShell remoting, enable PowerShell script auditing / logging in GPO, add environment command 'Powershell Script Execution Lockdown':
https://pastebin.com/iw1ck8Z1

Run all browsers (only latest beta for security updates) in Sandboxie with uBlock Matrix whitelisting only, & uBlock Origin as a minimum. Run ASLR & DEP with MBAM, or Anti-Exploit (or better, Windows 10 has added these features to Windows Defender; I'd use other security scanners only for maintenance). Enable ASLR in Windows Defender... (Windows 10 only) and on top of that, use the most cutting edge ASLR features available here on page 2, here. Harden the firewall; use Binisoft WFC firewall for fine-tooth control of Windows Firewall, which is the best there is. Harden the TCP/IP stack using Microsoft's best practices. I posted a reg file to do this in one go here:
https://pastebin.com/nZ7swtxJ (I left out AFD for Windows 10 compatibility; Windows 7 users ensure you harden AFD also, shown in the "best practices" link or in the custom lists below.)

"Security Compliance Manager" updates group policy to the latest definitions & settings. "Microsoft Security Compliance Toolkit 1.0" has replaced SCM, which is no longer supported; but it's a great piece of software. I have not tried the latter cause I'm on Windows 7. This also allows you to save your GPO settings for future installations.

Disable all IPv6:
https://pastebin.com/VXd1wVF0
Run 1. Ancile, 2. O&O ShutUp10, 3. Blackbird and 4. Spybot Anti-Beacon to disable all Microsoft spyware.
If you want to go all the way disabling risky Windows services and features, I've compiled a huge list here; it's very extensive and gets to the very core of all remote features in Windows 7, and a huge chunk of Windows 10 too:
Black Viper's Win7 64 SP1 safe list.reg
https://hastebin.com/hugijoholi.tex
My custom disabled services list, reg file safe to import as is.
https://pastebin.com/yKfJunfc
Reg file includes all services changes from
http://hardenwindows7forsecurity.com
https://pastebin.com/nugPxTg7
My custom list includes hardening TCP/IP & AFD and much more:
https://pastebin.com/DkiKZpGv
My custom list, disable windows remote management
https://hastebin.com/lebemeziba.tex
As you can see, I disable all LAN networking & Microsoft Remote Assistance, Remote Desktop and Terminal Services with these. You can comb through it and apply what is useful for Windows 10. I've been running with these settings in Windows 7 for 4-5 months with ZERO issues; the only problem was that monthly rollups require re-enabling BranchCache under services.msc for the updates to install, which is a Microsoft bug. It must be enabled once every month.

Disable Nvidia telemetry:
https://pastebin.com/ZzpDdb5B
I've also disabled Windows Update and only enable it manually once a week or so; last week I failed to disable it for two days and Microsoft installed Windows Defender signature updates even with automatic updates confirmed disabled and set to "notify but do not download."

I have brought this to the attention of Microsoft. This suggests Windows updates can be exploited remotely with a MITM and/or by Microsoft itself, and they are colluding with state actors, as you can see here: "The Microsoft Dilemma"

I suspect it was a dry run to test my incredibly hardened PC for exploitation. I have not been hacked for months now, barring what I mentioned previously, and they didn't get to my PC.
If you do not game or encode video with CUDA, don't install Nvidia CUDA drivers, as these are what is currently publicly known to be used by Nvidia rootkits. AND contrary to the ignorance of those hammering on about your so-called loopy mind-state, Nvidia regularly releases security updates for their own video card drivers, so keep those up-to-date also. According to Microsoft, you may also consider disabling hardware acceleration and WebGL in your browsers to ensure your video card is not exploited via Flash viruses. And that was back in 2011. There are some mitigations already present for this in Chrome, for example. And in Chrome WebGL can currently only be disabled via extension.
Disable Intel ME. If you're worried about remote control you may wish to use only wired devices and no Bluetooth, as these can be hijacked remotely, possibly from satellites as well. I am curious if this may have been what spread spectrum was all about in the BIOS.

Always make sure your Windows machine is up to date for this very reason; this is a must-see video on how to defend against Metasploit based attacks:
Make sure you post it publicly for all. I'd personally give a copy of this malware to legit security services like Kaspersky, the RegRun / UnHackMe crew, and the security team that uncovered the Intel ME HAP bit (ptsecurity):
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
The hackers could have been the DoD, NSA, FBI, CIA, for all we know. They are governed and infiltrated by some of the greatest criminals on this planet. Not all are bad, but there are a lot of bad apples in these carts.

The CIA are well known to pose as Chinese or Russian hackers, "seeding" false intelligence and blaming it on the victims or patsies. Be aware of that if you found Korean or Chinese fingerprints anywhere; that may have nothing to do with reality unless you are absolutely certain. Beware of divisive false intel. If you were targeted for your business or corporate background it could have been any number of security contractors who take the bid; this could include all aforementioned agencies, as the FBI is being investigated for now by the White House. 21 trillion has been misplaced by the DoD in the last 20 years; that's a lot of money and they are highly active in these fields, but if you're not rocking the boat like I am then that's probably not an issue for you. If this is purely driven by corporate greed and financial espionage that is a whole different thing. Or possibly a random grab on a test run for something bigger, like a war against Russia or something to that effect. (Yeah, God only knows.)
Can't believe the depth of ignorance in the original comments here.
If your computer was turned on after being turned off, that is called a denial of sleep attack. I'm curious if it was turned off or only in sleep mode. It was either #1, asleep, with magic wake packets sent to your NIC; #2, the rootkit triggers a wake-up call while the PC is in sleep mode; #3, your Intel management chip/PSP, which can turn your computer on even when it's completely powered off; or #4, a hijacked Intel proxZzzy, which can wake the computer when it's turned off as well. You may want to disable Wake-on-LAN and remote wake-up support features under Device Manager as well, including ECMA & Intel proxZzzy if they are active, https://www.ecma-international.org/publications/files/ECMA-ST/ECMA-393.pdf, as a precaution against possible proxZzzy hijacking attempts as demonstrated in the document, or unknown exploits for these wake services. I had spoken to Intel about the threat to critical infrastructure regarding Intel ME and proxZzzy here:
https://communities.intel.com/thread/123079
They shouldn't just be signing their BIOS updates; OEM vendors should offer security oriented motherboards with a jumper pin that enables/disables all software flashing from taking place, as Intel used to do 10 years ago with some of their chipsets, or they should use embedded One-Time-Programmable (OTP) memory where practical, which cannot be re-flashed. There will be a growing market in that field given the nature of threats like Intel ME.
If you have a deep conscience and want this to be truly of service to humanity and even potentially save lives, I'd post it up here or somewhere for all to find, like open source software, which will benefit all of humanity. I'd give it away to the world and those protecting it, and freely. I would personally send it to Kaspersky, Greatis and ptsecurity, for example. Russia could use the assistance given the fact they are being targeted by the west, and what are the chances the FBI are going to defend anything but their own corporate interests and handlers, that of the bankers and the entrenched swamp of America? Get it out to the world in case they put a gag order on you.
Oh yeah, or just switch to Linux with AppArmor and a hardened TCP/IP stack, IPv6 disabled.
Last but not least, let your love guide you not your fear.
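The post recommends two router-side measures without showing how either is wired up: the `server=/arpa/` and `bogus-priv` lines for dnsmasq, and loading the FireHOL IP lists from a cron job. The script below is an added example, not from the post or the FireHOL project, and it makes a few assumptions: the list is in FireHOL's plain-text format (one IPv4 address or CIDR per line, `#` comments), the router has `ipset` available (Merlin and OpenWrt builds generally do), and the list content embedded here is constructed sample data rather than a real download. It filters out malformed entries, emits an `ipset restore` script that fills a temporary set and swaps it in atomically (so a half-loaded list is never live while the cron job runs), and prints the dnsmasq fragment. The set name `firehol_level1` is just a label chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original post): turn a FireHOL-style .netset
# blocklist into an `ipset restore` script and print the dnsmasq.conf lines
# the post recommends. POSIX sh + awk only, so it runs on router firmware.

# Constructed sample in the FireHOL text format: '#' comments and one IPv4
# address or CIDR per line. Two deliberately malformed lines are included.
SAMPLE_NETSET='# firehol_level1 (constructed sample, not a real download)
# category: attacks
10.0.0.0/8
192.0.2.0/24
198.51.100.7
bad-entry
300.1.1.1
10.1.0.0/40
203.0.113.0/24'

# Print only syntactically valid IPv4 address/CIDR entries: drop comments,
# blank lines, non-dotted tokens, octets > 255 and prefix lengths > 32.
valid_entries() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            addr = $1; sub(/\/.*/, "", addr)
            plen = ($1 ~ /\//) ? substr($1, index($1, "/") + 1) : "32"
            n = split(addr, o, ".")
            if (n != 4) next
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (plen !~ /^[0-9]+$/ || plen + 0 > 32) ok = 0
            if (ok) print $1
        }'
}

# Number of entries that survived validation (returned, not just printed,
# so a caller can sanity-check the list before swapping it in).
count_valid() {
    valid_entries "$1" | wc -l | tr -d ' '
}

# Build an `ipset restore` script: fill <set>_tmp, then atomically swap it
# with the live set so iptables rules referencing <set> never see a gap.
# Feed the output to `ipset -exist restore` so re-runs from cron succeed
# even when the sets already exist.
ipset_restore_script() {
    set_name="$2"
    printf 'create %s hash:net family inet\n' "$set_name"
    printf 'create %s_tmp hash:net family inet\n' "$set_name"
    printf 'flush %s_tmp\n' "$set_name"
    valid_entries "$1" | while read -r cidr; do
        printf 'add %s_tmp %s\n' "$set_name" "$cidr"
    done
    printf 'swap %s_tmp %s\n' "$set_name" "$set_name"
    printf 'destroy %s_tmp\n' "$set_name"
}

# dnsmasq fragment from the post: never forward *.arpa (reverse) lookups
# upstream, and answer reverse queries for private ranges locally.
dnsmasq_fragment() {
    printf 'server=/arpa/\nbogus-priv\n'
}

# Stand-alone usage: show the generated restore script and dnsmasq lines.
ipset_restore_script "$SAMPLE_NETSET" firehol_level1
dnsmasq_fragment
```

On a real router the cron job would download the current list, run it through `ipset_restore_script` and pipe the result into `ipset -exist restore`, with an iptables rule such as a DROP on `-m set --match-set firehol_level1 src` already in place; the swap step is what keeps that rule effective for the whole reload.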