EternalRocks worm combines seven leaked NSA attack tools


EternalRocks is a worm that uses four server message block (SMB) exploits and three other attack tools developed by the US National Security Agency (NSA) and leaked by the Shadow Brokers hacking group.


Although it has yet to be weaponised, security experts are concerned that EternalRocks, also known as MicroBotMassiveNet, could, once weaponised, have a much greater impact than WannaCry.

The biggest concern is that attacks such as EternalRocks can spread even more quickly in the cloud, where many organisations have no visibility into their workloads or network traffic.

EternalRocks was discovered and named by Miroslav Stampar, a security researcher and member of the Croatian government’s computer emergency response team (Cert), who captured a sample of the worm in a Windows 7 honeypot he runs.

The discovery of the worm confirms speculation that WannaCry was likely to be the first of many other attacks to emerge based on the leaked NSA exploits.

The attack is believed to have been live since 3 May 2017, which pre-dates the spread of the WannaCry ransomware that uses the EternalBlue NSA exploit.

According to Stampar’s GitHub post, EternalRocks spreads through the NSA SMB exploits EternalBlue, EternalChampion, EternalRomance and EternalSynergy, along with related attack tools DoublePulsar, ArchiTouch and SMBTouch.

Stampar said EternalRocks currently has no payload or malicious component, but is simply spreading itself using a two-stage process that takes place over a 24-hour period.

The first stage infects vulnerable computers running the Windows operating system that have not been patched to fix the MS17-010 vulnerability, which is also exploited by WannaCry.

This stage also downloads some .NET components and drops an executable file that downloads and runs the Tor anonymous web browser, which is then used for command and control (C2) communications.

In the second stage, after 24 hours, the Tor browser is used to download another executable file from a .onion domain, which in turn downloads the NSA exploits.
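The first stage above only succeeds against hosts that still expose the SMBv1 server that MS17-010 patches. The following PowerShell is an added example, not code from the article or from Stampar's repository, that audits a Windows host for that exposure and can switch SMBv1 off; the function name `Test-Smb1Exposure` and its `-Remediate` switch are this example's own.

```powershell
# Added example (not from the article): audit a Windows host for the SMBv1
# exposure that the MS17-010 exploits used by EternalRocks rely on, and
# optionally turn SMBv1 off. Run from an elevated PowerShell session.
function Test-Smb1Exposure {
    [CmdletBinding()]
    param([switch]$Remediate)

    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    # When the SMB1 value is absent, SMBv1 is enabled (the pre-Windows 10 default).
    $smb1Value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1Enabled = ($null -eq $smb1Value) -or ($smb1Value -ne 0)

    # Newer builds also expose the setting through the SMB server cmdlets.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1Enabled = $smb1Enabled -or (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # Is the SMB server actually reachable from the network (TCP 445 listening)?
    $listening = $false
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }

    $result = [pscustomobject]@{
        Host        = $env:COMPUTERNAME
        Smb1Enabled = $smb1Enabled
        Port445Open = $listening
        AtRisk      = $smb1Enabled -and $listening
    }

    if ($Remediate -and $smb1Enabled) {
        # Microsoft's documented server-side switch-off for SMBv1; the registry
        # change takes effect after the LanmanServer service restarts.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWORD -Value 0 -Force
        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
        $result | Add-Member -NotePropertyName Remediated -NotePropertyValue $true
    }
    return $result
}

# Report only; add -Remediate to disable SMBv1 on hosts that flag AtRisk.
Test-Smb1Exposure
```

Disabling SMBv1 removes the worm's propagation path but is not a substitute for installing the MS17-010 update itself.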
