Stories
Slash Boxes
Comments

SoylentNews is people

Bad Rabbit Used NSA “EternalRomance” Exploit to Spread, Researchers Say

posted by Fnord666 on Wednesday November 01 2017, @09:19PM   Printer-friendly
from the the-gift-that-keeps-on-giving dept.

MrPlow writes:

Submitted via IRC for SoyCow1

Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit.

Source: https://arstechnica.com/information-technology/2017/10/bad-rabbit-used-nsa-eternalromance-exploit-to-spread-researchers-say/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bad Rabbit Used NSA “EternalRomance” Exploit to Spread, Researchers Say | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Interesting) by Anonymous Coward on Thursday November 02 2017, @02:15AM

    by Anonymous Coward on Thursday November 02 2017, @02:15AM (#590839)

    Glad I always disable SMB and block the ports on my windows boxes!

    Starting Score:    0  points
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Total Score:   1