Stories
Slash Boxes
Comments

SoylentNews is people

Bad Rabbit Used NSA “EternalRomance” Exploit to Spread, Researchers Say

posted by Fnord666 on Wednesday November 01 2017, @09:19PM   Printer-friendly
from the the-gift-that-keeps-on-giving dept.

MrPlow writes:

Submitted via IRC for SoyCow1

Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit.

Source: https://arstechnica.com/information-technology/2017/10/bad-rabbit-used-nsa-eternalromance-exploit-to-spread-researchers-say/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Bad Rabbit Used NSA “EternalRomance” Exploit to Spread, Researchers Say | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday November 02 2017, @07:34PM

    by Anonymous Coward on Thursday November 02 2017, @07:34PM (#591276)

    What? NFS is pretty damn easy to set up, the only drawback is it only works with nixes. I've got no degree, no car, no house, no wife, a couple F's, and I can figure it out...