EternalRocks Worm More Powerful Than WannaCry SMB Worm - How to, Technology and PC Security Forum | SensorsTechForum.com

EternalRocks Worm More Powerful Than WannaCry SMB Worm

Remember the leaked exploits used by the WannaCry SMB worm, which caused more than 240,000 detections in 48 hours? If you do, you will remember that they were named EternalBlue and DoublePulsar. A new worm named EternalRocks has appeared, and it has the capability to be even more brutal than the one that was used to replicate WannaCry ransomware and infect computers in a massive outbreak.

EternalRocks and Its Capabilities

Unlike the worm used to spread WannaCry ransomware, which uses 2 exploits based on the SMB services in the Windows operating system, the EternalRocks worm uses 7 of the exploits leaked by TheShadowBrokers in early 2017. The SMB-oriented exploits from the leak are the following:

  • EternalBlue
  • EternalChampion
  • EternalRomance
  • EternalSynergy

In addition to those direct SMB exploits, EternalRocks also uses the exploits deployed for information gathering, known as:

  • SMBTouch
  • ARCHITouch

The worm also uses DoublePulsar, which was used by the SMB worm, in order to keep spreading to other machines that haven’t been patched yet.

The difference between the two worms is the significantly higher number of exploits that are used to infect a computer, meaning that if the EternalRocks worm had been released instead of the SMB worm, a significantly higher number of computers could have been infected with WannaCry ransomware (over 240,000 infections).

However, the EternalRocks worm also has a more delayed infection process, because it installs itself on a given computer in two stages.

Malware researchers feel convinced that this delay is caused by multiple different activities that aim to obfuscate the worm while it infects the computers.

At the moment, EternalRocks is completely harmless because it is not activated, and many Windows computers were supposedly upgraded after the massive WannaCry outbreak occurred 1 week ago.

However, the worm has a feature that is lacking in the SMB worm used to spread WannaCry: it is able to spread without a so-called “kill switch” web domain. Such a domain was stopped by the malware researcher with the nickname MalwareTech (@MalwareTechBlog) on Twitter. If this worm is released, the only thing preventing it would be having your Windows system fully upgraded with the latest security patches, since there is no way for malware researchers to stop it. Many feel convinced that most ransomware cyber-criminals would want to get their hands on this worm, so we recommend staying safe and learning how to keep your data secure before the inevitable happens.

Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated in Marketing as well, Ventsislav also has a passion for discovering new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecurity and is a strong believer in basic education of every user towards online safety.
