Miscreants have created a strain of malware that targets the same vulnerability as the infamous WannaCrypt worm.
EternalRocks worm uses flaws in the SMB Server Message Block (SMB) shares networking protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn't bundle a destructive malware payload, at least for now. The new nasty doesn't feature a kill switch domain either.
The new nasty bundles seven NSA created hacking tools compared to the two deployed to spread WannaCrypt, according to early analysis of the EternalRocks worm.
Matt Walmsley, EMEA Director, Vectra Networks, commented: “EternalRocks is the difficult second album from the community that gave us WannaCry. It’s darker, more refined, but targeting the same audience and more of their favourite NSA 'Shadow Broker' exploits. All in the hope that many people failed to patch after the WannaCry crisis."
“Left undetected, the EternalRocks worm can rapidly propagate across the internet and private networks by using the SMB file sharing protocol, infecting unpatched systems quickly, and without relying on duped users clicking on phishing email links," he added. ®