
EternalRocks: New Malware Uses 7 NSA Hacking Tools, WannaCry Used Just 2


A security researcher’s honeypot has caught a new piece of malware that uses 7 NSA hacking tools to carry out its attack. Named EternalRocks, this malware exploits Windows SMB flaws. While it doesn’t appear to be dropping ransomware at the moment, it leaves an infected PC open to remote commands for future attacks. To make sure that you remain protected, you’re advised to apply all the security patches or upgrade to a newer version of Windows.
Looking at the current situation, it’s clear that you won’t be forgetting WannaCry anytime soon. In case you’ve missed some recent updates, you can visit this page to read our coverage of WannaCry, which is also called WanaDecrypt0r. This ransomware used the EternalBlue and DoublePulsar tools to wreak havoc.
Now, a security researcher has found a new worm named EternalRocks, which is spreading via SMB. While WannaCry exploited 2 NSA flaws, EternalRocks uses 7 NSA tools. EternalBlue and DoublePulsar are also part of EternalRocks’ arsenal. The other 5 tools are Eternalchampion, Eternalromance, Eternalsynergy, Architouch and SMBtouch.
The existence of EternalRocks was discovered when it infected Miroslav Stampar’s honeypot. Stampar is the creator of the sqlmap tool, which is used to detect and exploit SQL injection flaws.
Stampar found out that the original name of EternalRocks was MicroBotMassiveNet. EternalRocks disguises itself as WannaCry to fool researchers. While it doesn’t spread ransomware, it opens the door for future attacks.
After infecting a machine via SMB, EternalRocks installs TOR and signals its C&C server, which is a .onion domain. The malware’s C&C server responds only after a wait of 24 hours. This delay is intended to bypass security testing environments.
Stampar has called EternalRocks a “full-scale cyber weapon.” After unpacking, it begins scanning for open port 445 and unloads the 1st stage of the malware. The researcher also notes that there’s no kill-switch in EternalRocks.
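Because the worm scans for open port 445 once it is running, one defensive check is to look for internal hosts that contact an unusual number of distinct addresses on TCP/445 within a short window. The following is an added example, not part of the original article or of Stampar’s analysis; the log format, IP addresses, 60-second window and threshold of 20 are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445

def parse_flow(line):
    """Parse 'ISO-time src dst dport' (constructed log format); None if malformed."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def find_smb_scanners(lines, window=timedelta(seconds=60), threshold=20):
    """Map flagged sources to their peak distinct TCP/445 destinations per window."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_flow(line)
        if rec and rec[3] == SMB_PORT:
            per_src[rec[1]].append((rec[0], rec[2]))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[start][0] > window:  # expire flows older than the window
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

def sample_flows():
    """Constructed data: a scanning host, a normal SMB client, a web client."""
    base, flows = datetime(2017, 5, 22, 10, 0, 0), ["garbage line"]
    for i in range(1, 41):
        t = (base + timedelta(seconds=i)).isoformat()
        flows += [f"{t} 10.0.0.66 10.0.1.{i} 445", f"{t} 10.0.0.7 10.0.2.{i} 443"]
    for i in range(20):
        t = (base + timedelta(seconds=30 * i)).isoformat()
        flows.append(f"{t} 10.0.0.5 10.0.0.{20 + i % 2} 445")
    return flows
```

Calling `find_smb_scanners(sample_flows())` flags only the constructed scanning host; the client that talks to two file servers and the host fanning out on port 443 are ignored.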

How to save yourself from EternalRocks?

Due to the rise of threats like WannaCry and EternalRocks, it’s high time that users start taking security steps to defend themselves. Here is some advice that you need to follow:
  • If it’s possible, replace older Windows systems with the latest versions.
  • Grab all the patch releases and apply them.
You can read more about EternalRocks on Stampar’s GitHub page.