After the recent so-called 'cyber attacks' of WannaCry, I was careful to update any Windows machine I have and install things like EMET and MalwareBytes on them. I switched to Linux years ago because I've heard nothing but bad news concerning Windows, but one thing struck me about the WannaCry infections: I heard the attackers used an exploit pulled from the recent ShadowBrokers leak, something related to 'SMB'. A few questions:

Explain it to me like I'm five, please.

1.) What is SMB? And is it easy to remove from systems by simply uninstalling it (like I have done[0])?

2.) Does WannaCry just land on a machine through a simple point-and-click exploit? Do they just enter a vulnerable IP address and they can plant the exploit on the machine and run it?

3.) I am aware that it also gets onto machines by people randomly clicking on shady e-mail attachments, but I am very curious about how it simply lands on computers with very little or no user stupidity at all.

[0] I uninstalled SMB by going to > Add or remove programs > Remove Windows features
Initially the software will have been emailed to a user; once they open it, it can use the worm effect to infect all other machines on a network. It takes one person to open the software; however, it seems that they sent it to lots of addresses, and so you only need one weak point (person) on a network and voilà, it can spread itself.