7 NSA hack tool wielding follow-up worm oozes onto scene: Hello, no need for any phish!

Why can't you be like a cheerful HHGTTG dolphin overlord?


Miscreants have created a strain of malware that targets the same vulnerability as the infamous WannaCrypt worm.

The EternalRocks worm uses flaws in the Server Message Block (SMB) file-sharing network protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn't bundle a destructive malware payload, at least for now. The new nasty doesn't feature a kill switch domain either.

The new nasty bundles seven NSA-created hacking tools, compared to the two deployed to spread WannaCrypt, according to early analysis of the EternalRocks worm.

Matt Walmsley, EMEA Director, Vectra Networks, commented: “EternalRocks is the difficult second album from the community that gave us WannaCry. It’s darker, more refined, but targeting the same audience and more of their favourite NSA 'Shadow Broker' exploits. All in the hope that many people failed to patch after the WannaCry crisis.”

“Left undetected, the EternalRocks worm can rapidly propagate across the internet and private networks by using the SMB file sharing protocol, infecting unpatched systems quickly, and without relying on duped users clicking on phishing email links,” he added. ®
