EternalRocks Worm Exploits 7 NSA Hacking Tools

WannaCry looks to have a successor born out of the use of seven allegedly leaked NSA SMB (Server Message Block) hacking tools rather than two.

Dubbed EternalRocks, the malware in the form of a worm was discovered by Miroslav Stampar, a member of the Coratian Government’s CERT (computer emergency response team), who caught the worm in a SMB honeypot.

EternalRocks malware

Like WannaCry, EternalRocks infects Windows PCs via the use of an NSA tool called EternalBlue, but adds a suite of other tools with the Eternal prefix into the mix.

EternalRocks spreads from machine to machine through the use off the Doublepulsar NSA tool

Also standing apart from WannaCry is how EternalRocks has yet to be loaded with a malware payload, so lacks WannaCry’s ability to lock files or corrupt penetrated machines.

However, there is certainly scope for the worm to be equipped with malware to wreak havoc like WannaCry, and it leaves a backdoor on infected machines that leave them vulnerable to other malware propagated by other hackers.

While EternalRocks has not spread very far, according to Stampar, it lacks the kill switch domain of WannaCry and as such may be much harder to bypass or fix if it is weaponised with a malware payload. Furthermore, it has a 24 hour activation delay between it and the control and command server, and uses the same file names as WannaCry, which throws up challenged for security researcher in detecting the worm.

In its current form, EternalRocks appears to be more of an experimental worm, either kept harmless for research purposes or has been designed to infiltrate vulnerable computers, establish a backdoor, and await the deployment of more dangerous malware that exploits the established security hole.

“Currently, there are multiple actors scanning for computers running older and unpatched versions of the SMB services. System administrators have already taken notice and started patching vulnerable PCs or disabling the old SMBv1 protocol, slowly reducing the number of vulnerable machines that EternalRocks can infect,” explained security specialist Catalin Cimpanu on the Beeping Computer.

Given the disruption WannaCry wreaked on various organisations, notably the NHS, another worm capable of infecting computers at a global scale will not be a appreciated by security teams.

Do you know all about security in 2017? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

AWS re:Invent Conference Welcomes Back Crowds

Over 27,000 attendees and members of the press (including Silicon) attend Amazon Web Services worldwide…

5 hours ago

Head Of Car Giant Stellantis Issues Electric Vehicle Cost Warning

The car manufacturing industry cannot sustain the costs from government demands to shift to electric…

6 hours ago

SpaceX’s Elon Musk Warns Of Bankruptcy Risk Over Engine Issue

SpaceX CEO Elon Musk warns of “disaster” concerning production of Starship Raptor engine that puts…

8 hours ago

Twitter To Remove Photos Tweeted Without Permission

Privacy overstep? Personal photos and videos of private individuals tweeted without the consent of the…

9 hours ago

Facebook Cryptocurrency Executive David Marcus To Leave

Executive in charge of Meta's cryptocurrency efforts, confirms he is leaving after seven years at…

11 hours ago

NY AG Seeks Overseer For Amazon Worker Safety

New York's attorney general asks US judge to appoint someone who will oversee worker safety…

12 hours ago