After WannaCry Ransomware, EternalRocks Malware Just Found
Security researchers have detected a new worm that uses attack code exposed from the USA's National Security Agency, following the damaging WannaCry ransomware attack campaign.
Named EternalRocks, the worm, like WannaCry, exploits flawed implementations of Microsoft's Server Message Block (SMB) file-sharing service. Miroslav Stampar, a penetration tester who is also a member of Croatia's CERT (computer emergency response team), captured a sample of the worm and then published his analysis on GitHub.
As EternalRocks stands today, it contains no sinister elements: it isn't used to corrupt or lock files, nor does it use hijacked PCs to create a botnet. Rather, when it infects PCs, the machines become susceptible to remote instructions that are capable of weaponizing the infection. EternalRocks is stronger than WannaCry, especially because it has no kill switch, unlike the ransomware, whose kill switch researchers used to contain it.
The other recent malware, EternalBlue, also takes 24 hours to activate, a delay that foils efforts to examine it. There has been a surge of online attacks over the past ten days, against which organizations worldwide have been totally helpless. Indianexpress.com posted this, May 22, 2017.
EternalRocks hasn't spread very widely yet; however, it is merely one instance of a surge of new malicious software related to NSA-created attack code. The consequences are already serious, with the possibility of getting worse. In the past ten days there has been a surge of online attacks, against which organizations worldwide have been wholly helpless. First, WannaCry spread by exploiting a Windows security flaw for which Microsoft issued a patch in March. The malware locked data files on infected computers by encrypting them and then demanded a ransom to decrypt them.
EternalRocks works in two phases. First, it infects unpatched Windows computers and pulls down more malware along with a TOR browser to obfuscate communications via a central command-and-control system.
Second, EternalRocks becomes active 24 hours after loading and then downloads SMB exploits, with the malware searching online for systems that respond on TCP port 445.
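The second phase described above, a host probing many systems on TCP port 445, can be spotted in flow logs. The following detection sketch is an added example, not code from the article or from the researcher's analysis; the record layout, the one-minute window, the threshold of 25 and the sample flows are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SMB_PORT = 445

def build_sample():
    """Constructed flow records (timestamp, src, dst, dport); not real traffic."""
    t0 = datetime(2017, 5, 22, 10, 0, 0)
    flows = []
    # Ordinary client: repeated SMB sessions to the same two file servers.
    for i in range(30):
        flows.append((t0 + timedelta(seconds=20 * i), "10.0.0.5", f"10.0.1.{1 + i % 2}", 445))
    # Host sweeping addresses on 445: one new destination per second.
    for i in range(40):
        flows.append((t0 + timedelta(seconds=i), "10.0.0.77", f"198.51.100.{i + 1}", 445))
    # The same fan-out on another port must not be counted.
    for i in range(40):
        flows.append((t0 + timedelta(seconds=i), "10.0.0.9", f"203.0.113.{i + 1}", 443))
    return flows

def smb_fanout(flows, window=timedelta(minutes=1), threshold=25):
    """Return {src: peak count of distinct TCP/445 destinations seen inside any
    sliding window} for sources whose peak reaches the threshold (assumed values)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        in_window = Counter()   # destination -> events currently inside the window
        start = peak = 0
        for ts, dst in events:
            in_window[dst] += 1
            # Drop events that have aged out of the window.
            while events[start][0] <= ts - window:
                old = events[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    for src, peak in smb_fanout(build_sample()).items():
        print(f"{src}: {peak} distinct hosts on TCP/445 within one minute")
```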
» SPAMfighter News - 5/26/2017