Stories
Slash Boxes
Comments

SoylentNews is people

New SMB Worm 'EternalRocks' Uses Seven NSA Hacking Tools -- WannaCry Used Just Two

posted by cmn32480 on Sunday May 21 2017, @01:34PM   Printer-friendly
from the ahhh-crap dept.

Fnord666 writes:

Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two.

The worm's existence first came to light on Wednesday, after it infected the SMB honeypot of Miroslav Stampar, member of the Croatian Government CERT, and creator of the sqlmap tool used for detecting and exploiting SQL injection flaws.

The worm, which Stampar named EternalRocks based on worm executable properties found in one sample, works by using six SMB-centric NSA tools to infect a computer with SMB ports exposed online. These are ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY, which are SMB exploits used to compromise vulnerable computers, while SMBTOUCH and ARCHITOUCH are two NSA tools used for SMB reconnaissance operations.

Once the worm has obtained this initial foothold, it then uses another NSA tool, DOUBLEPULSAR, to propagate to new vulnerable machines.

Source: BleepingComputer

Original Submission

 
This discussion has been archived. No new comments can be posted.
New SMB Worm 'EternalRocks' Uses Seven NSA Hacking Tools -- WannaCry Used Just Two | Log In/Create an Account | Top | 35 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DECbot on Monday May 22 2017, @03:36PM

    by DECbot (832) on Monday May 22 2017, @03:36PM (#513538) Journal

    You're making a damn good argument to go back to analog and discrete digital components and forgo the reliance of software defined devices. Perhaps the current software everywhere model would make sense if all the devices required support contracts to keep them up to date. Consumers won't bite on that though. They will tend to go for the shiniest bobble for the price, support be damned. So perhaps low end and consumer models should stay analog while those willing to pay for the support contract can have the luxury of a software defined device. Realistically, that won't happen as the software genie is out of the bottle. The only why to bring security back to consumer devices is to require to hold the manufactures liable for defects and vulnerabilities. That will encourage manufactures to replace the cheap software defined devices back to analog/discrete components or expensive software defined devices that require support contracts after a initial "warranty" period. Having to write a monthly check to your thermostat is sure to ensure that it will keep working and also keep the company behind it from going out of business. I'll probably go back to the mercury switch--or write my own arduino sketch and keep the damn thing off my lawn the internet.

    --
    cats~$ sudo chown -R us /home/base
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2