After WannaCry Ransomware EternalRocks Malware Just Found

Security researchers have detected one fresh worm which uses attack codes that got exposed from National Security Agency of USA after the damaging attack campaign of WannaCry ransomware.

Given the name EternalRocks, the worm similar as WannaCry exploits flawed applications of the file sharing service Server Message Block of Microsoft. Miroslav Stampar, penetration tester who is also a participant of CERT (computer emergency response team) of Croatia seized the worm's sample followed with putting up its analysis onto Github.

As EternalRocks stands today, there aren't any sinister elements in it; it isn't used to corrupt else lock files; nor does it utilize hijacked PCs for creating a botnet. Rather when it contaminates PCs, the machines become susceptible to remote instructions which are capable of weaponizing the contamination. The strength of EternalRocks is more than WannaCry, especially because there's no kill switch unlike in the case of the ransomware with which researchers contain it.

The other recent malware EternalBlue too takes 24-hrs to activate so that this delay foils efforts for examining it. There's been a surge of online assaults over the past ten days due to which organizations worldwide have been totally helpless. Indianexpress.com posted this, May 22, 2017.

EternalRocks hasn't proliferated too widely as yet, however, it is merely an instance of certain surge of fresh malicious software related to NSA-created attack codes. Already the consequences are serious with the possibility of getting worse. In the past ten days there's been a surge of online assaults due to which organizations worldwide have been wholly helpless. First, WannaCry disseminated via exploiting Windows security flaw for which Microsoft issued one patch during March. The malware locked data-files on contaminated computers through encryption followed with asking to pay ransom to decrypt them.

EternalRocks works in dual phases. First it contaminates un-patched Windows computers while pulls down more malware along with one TOR browser to make communications obfuscated via one central command-and-control system.

Second, EternalRocks becomes active after 24-hrs of its loading followed with downloading of SMB exploits with the malware searching online to find systems which respond while on TCP port 445.

» SPAMfighter News - 5/26/2017