New Worldwide Threat
By Mark Phillips ¦ Blog.TotalAV.com ¦ Updated 30th May 2017, 08.16 EDT
In yet more harrowing news, a Croatian researcher has discovered a new worm, known as EternalRocks, that utilizes seven stolen hacking tools from the NSA. The malware shares characteristics with WannaCry, and could potentially pose an even greater threat than the already notorious ransomware.
But, for now, there is no need to lose our heads in blind panic. Well, sort of. According to Miroslav Stampar, a member of the Croation Government CERT, the EternalRocks bug is not currently activated to carry out attacks on infected computers.
In other words, for the moment it’s just code that is spreading itself from machine to machine. However, the C&C servers can send infected computers any chosen command at any time, including orders to download additional malware.
The EternalRocks malware has its crosshairs fixed on computers with unpatched, exposed SMB ports – there are numerous in existence – and breaches them by employing six of the leaked NSA tools. For initial compromise, the worm sends in EternalChampion, EternalBlue, EternalSynergy and EternalRomance, and for SMB reconnaissance, ArchiTouch and SMBTouch.
The final tool, DoublePulsar, is utilized to spread to new computers and remains on those infected as an implant. DoublePulsar is left open by default, which means that other malicious programs can use it as a backdoor for any of the infected machines.
EternalRocks is stealthy in its approach, according to Stampar. After the worm infects a machine it sits quietly for twenty-four hours before talking to the C&C infrastructure in a bid to sneak by researcher analysis and sandboxing. Unlike WannaCry, which included a kill switch domain that could temporarily disable the threat, EternalRocks doesn’t have one.
All of these hacking tools have been made publicly available courtesy of the mysterious Shadow Brokers group. The recent WannaCry outbreak, an unprecedented cyber attack which infected computers with ransomeware on a global scale, also used two of these hacking tools, DoublePulsar and EternalBlue.
Microsoft has announced that the leaked weapons can’t wreck havoc on its supported products, but did state that unsupported operating systems such as XP, and systems that aren’t up to date with critical patches, could be at risk.
According to Recorded Future, there has been a great deal of interest in Russian and Chinese darknet forums, with hacking tools being reverse engineered, such as EternalBlue.
Protect Your PC From Ransomware Today!
You have already taken the first steps towards protecting your device, make sure you maintain your protection by purchasing our Antivirus Pro package today offering you full protection on all of your devices for our lowest ever price.
Survive Global Ransomware Attack With Our Biggest EVER Discount?
To claim this discount and protect all of yours and your familys devices simply click the link below. Our award winning Antivirus Pro provides licenses for all of your devices, including your Office & Home PC or Mac, Smartphone & even Tablet.