
EternalRocks: New Malware Uses 7 NSA Hacking Tools, WannaCry Used Just 2


A security researcher’s honeypot has caught a new piece of malware that uses 7 NSA hacking tools to carry out its attack. Named EternalRocks, this malware exploits Windows SMB flaws. While it doesn’t appear to be dropping ransomware at the moment, it leaves infected PCs open to remote commands that could be used in future attacks. To make sure that you remain protected, you’re advised to apply all the security patches or upgrade to a newer version of Windows.
Looking at the current situation, it’s clear that you won’t be forgetting WannaCry anytime soon. In case you’re missing some recent updates on the same, you can visit this page to read our coverage of WannaCry, which is also called WanaDecrypt0r. This ransomware used the EternalBlue and DoublePulsar tools to wreak havoc.
Now, a security researcher has found a new worm named EternalRocks, which is spreading via SMB. While WannaCry exploited 2 NSA flaws, EternalRocks uses 7 NSA tools. The EternalBlue and DoublePulsar tools are also part of EternalRocks’ arsenal. The other 5 tools are EternalChampion, EternalRomance, EternalSynergy, Architouch and SMBtouch.
The existence of EternalRocks was discovered when it infected Miroslav Stampar’s honeypot. Stampar is the creator of the sqlmap tool, which is used to detect and exploit SQL injection flaws.
Stampar found out that the original name of EternalRocks was MicroBotMassiveNet. EternalRocks disguises itself as WannaCry to fool researchers. While it doesn’t spread ransomware, it opens the door for future attacks.
After infecting a machine via SMB, EternalRocks installs TOR and signals its C&C server, which is hosted on a .onion domain. The C&C server responds only after a wait of 24 hours. This delay is intended to bypass security testing environments.
Stampar has called EternalRocks a “full-scale cyber weapon.” After unpacking, it begins scanning for hosts with port 445 open and unloads the 1st stage of the malware. The researcher also notes that there’s no kill-switch in EternalRocks.

How to save yourself from EternalRocks?

Due to the rise of threats like WannaCry and EternalRocks, it’s high time that users start taking security steps to defend themselves. Here is some advice that you need to follow:
  • If it’s possible, replace older Windows systems with the latest versions.
  • Grab all the patch releases and apply them.
You can read more about EternalRocks on Stampar’s GitHub page.