EternalRocks Worm Uses Same SMB Flaw in Windows like WannaCry

The WannaCry incident was just the beginning: a new and more evolved piece of malware now lurks in the wild. No, it’s not Uiwix or Adylkuzz, but something more dangerous than all of them.

WannaCry, as you may already know, is ransomware on the loose. It uses the leaked NSA tools EternalBlue and DoublePulsar and exploits the SMB vulnerability in Windows to hijack computers. Up till now, more than 200,000 computers have been hacked along with major system-level networks.

EternalRocks – much stronger than WannaCry

EternalRocks, as the name goes, is yet another worm that exploits the same SMB vulnerability in Windows that WannaCry exploited, but it is much more advanced and sophisticated than WannaCry could ever be.

According to a report published by BleepingComputer, EternalRocks is packed with up to eight hacking tools, which again belong to the NSA. Unlike WannaCry, which used only two tools, EternalRocks is a beast that can affect an unimaginable number of PCs and can have long-lasting effects on the entire cyber landscape.

The worm is still dormant

According to a security expert, the worm is not yet loaded with malware. That is, as of now, it does nothing. This is probably good news, since it is not being used to launch attacks right now. However, it is only a matter of time before the worm is made active and numerous attacks start emerging on the scene. Unfortunately, it is already out and there is no way in which it can be removed from the field.

This one is smarter than WannaCry

While WannaCry made itself evident and made it easier for security experts to track down what was happening, we should not expect such generosity from EternalRocks. EternalRocks is much subtler and simply lurks in your system after being installed. It deliberately delays the infection, and as such, it is much harder to detect. Furthermore, the worm cannot be prevented from spreading just by registering a domain, as was the case with WannaCry.

Updating your system is the only hope

Perhaps now is the time to get your system updated and install every security patch that Microsoft releases from now on. Given that Shadow Brokers – the hacker group originally responsible for leaking the NSA hacking tools – have stated that they will be leaking more tools, it is essential that users keep their systems constantly updated.

Furthermore, it is recommended to keep a backup of your data and to avoid installing apps which claim to provide protection against WannaCry or related malware. This is because such apps contain adware and, instead of protecting your system, can do further damage to it. However, if your device has been infected with this nasty malware, download the ‘wannakiwi’ tool from here.

Image Credit: Shutterstock/Mint and Chips

