EternalRocks Worm Exploits 7 NSA Hacking Tools

WannaCry looks to have a successor born out of the use of seven allegedly leaked NSA SMB (Server Message Block) hacking tools rather than two.

Dubbed EternalRocks, the malware in the form of a worm was discovered by Miroslav Stampar, a member of the Coratian Government’s CERT (computer emergency response team), who caught the worm in a SMB honeypot.

EternalRocks malware

Like WannaCry, EternalRocks infects Windows PCs via the use of an NSA tool called EternalBlue, but adds a suite of other tools with the Eternal prefix into the mix.

EternalRocks spreads from machine to machine through the use off the Doublepulsar NSA tool

Also standing apart from WannaCry is how EternalRocks has yet to be loaded with a malware payload, so lacks WannaCry’s ability to lock files or corrupt penetrated machines.

However, there is certainly scope for the worm to be equipped with malware to wreak havoc like WannaCry, and it leaves a backdoor on infected machines that leave them vulnerable to other malware propagated by other hackers.

While EternalRocks has not spread very far, according to Stampar, it lacks the kill switch domain of WannaCry and as such may be much harder to bypass or fix if it is weaponised with a malware payload. Furthermore, it has a 24 hour activation delay between it and the control and command server, and uses the same file names as WannaCry, which throws up challenged for security researcher in detecting the worm.

In its current form, EternalRocks appears to be more of an experimental worm, either kept harmless for research purposes or has been designed to infiltrate vulnerable computers, establish a backdoor, and await the deployment of more dangerous malware that exploits the established security hole.

“Currently, there are multiple actors scanning for computers running older and unpatched versions of the SMB services. System administrators have already taken notice and started patching vulnerable PCs or disabling the old SMBv1 protocol, slowly reducing the number of vulnerable machines that EternalRocks can infect,” explained security specialist Catalin Cimpanu on the Beeping Computer.

Given the disruption WannaCry wreaked on various organisations, notably the NHS, another worm capable of infecting computers at a global scale will not be a appreciated by security teams.

Do you know all about security in 2017? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Reddit Introduces AI Search Tool

AI-powered Reddit Answers allows users to access information based on Reddit posts, in move to…

11 hours ago

Former OpenAI Researcher Raises $40m For AI Voice Start-Up

Former co-developer of voice mode for OpenAI's ChatGPT launches WaveForms AI to make AI voice…

11 hours ago

OpenAI Releases Sora Video-Generation Tool

OpenAI releases Sora AI video-generation tool to ChatGPT Plus and Pro subscription users amidst concern…

12 hours ago

Tesla To Use Human Back-Up Drivers For Cybercab Fleet

Tesla to initially use human back-up controllers for company-owned robotaxi fleet at launch next year,…

12 hours ago

China Opens Nvidia Antitrust Probe After US Sanctions

Chinese government opens antitrust probe into Nvidia's $7bn acquisition of Mellanox, in move seen as…

13 hours ago

Google Announces Quantum Chip Error ‘Breakthrough’

Google Willow quantum chip makes significant improvements in error correction, moving quantum computing closer to…

13 hours ago