EternalRocks - malware more dangerous than WannaCry exploits up to seven NSA vulnerabilities
Network security researchers have confirmed the emergence of new malware called EternalRocks, which exploits seven NSA vulnerabilities leaked by the Shadow Brokers hacker group. Experts describe this computer worm as "the end of the world", capable of causing major disruption.
Earlier this month, the WannaCry ransomware brought many organizations to a halt when it infected more than 300,000 computers in more than 150 countries around the world. While WannaCry exploited only two vulnerabilities, EternalBlue and DoublePulsar, EternalRocks exploits seven: EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, Architouch and SMBTouch. All of them are tools leaked by the Shadow Brokers group.
Miroslav Stampar, a cyber security expert at Croatia's CERT, was the first to discover EternalRocks on Wednesday. In his description on GitHub he wrote that the first evidence of its appearance dates from May 3. Stampar's EternalRocks report is available on GitHub at: https://github.com/stamparm/EternalRocks
Most of the tools exploit vulnerabilities in the Windows file-sharing technology called Microsoft Windows Server Message Block (SMB), which is how WannaCry spread so quickly without anyone noticing. Microsoft patched these vulnerabilities in March, but many computers that have not been updated are still being infected.
Unlike WannaCry, which is simply ransomware, EternalRocks stays dormant and hidden on the computer. EternalRocks uses a two-stage installation process, in which the second stage is slightly delayed. In the first stage, EternalRocks infects the system, downloads the Tor anonymous browser and connects to a C&C (Command and Control) server located in the Tor network. For the next 24 hours it does nothing further. Then, in the second stage, the C&C server starts responding, and the malware begins downloading and copying. This also means that security experts who want to study the malicious code are delayed by one day. EternalRocks then scans for machines that have the vulnerabilities in order to keep spreading.
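As an added example (not from the original article or from Stampar's report), the Python code below shows why the 24-hour delay matters for detection: it flags a host only when an SMB sweep follows an earlier Tor connection within a chosen look-back window. The flow records, the Tor port list and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TOR_PORTS = {9001, 9030}   # assumption: default Tor relay ports; Tor can also use 443
SMB_PORT = 445
SCAN_PEERS = 5             # assumed threshold: distinct SMB peers that count as a sweep
SCAN_WINDOW = timedelta(minutes=10)

def _flow(ts, src, dst, port):
    return (datetime.fromisoformat(ts), src, dst, port)

# Constructed flow records: (timestamp, source, destination, destination port).
FLOWS = (
    # 10.0.0.5: one Tor connection, then an SMB sweep more than 24 hours later
    [_flow("2017-05-20T09:00:00", "10.0.0.5", "198.51.100.7", 9001)]
    + [_flow(f"2017-05-21T09:3{i}:00", "10.0.0.5", f"10.0.0.{10 + i}", 445) for i in range(6)]
    # 10.0.0.9: backup server that touches many SMB hosts but never Tor
    + [_flow(f"2017-05-21T02:0{i}:00", "10.0.0.9", f"10.0.0.{20 + i}", 445) for i in range(6)]
    # 10.0.0.7: ordinary client talking to one file server
    + [_flow("2017-05-21T10:00:00", "10.0.0.7", "10.0.0.2", 445)]
)

def sweep_start(events):
    """Time at which a host first reached SCAN_PEERS distinct SMB peers inside
    SCAN_WINDOW, or None. `events` is a time-sorted list of (timestamp, dst)."""
    for i, (ts, _) in enumerate(events):
        recent = {d for t, d in events[: i + 1] if ts - t <= SCAN_WINDOW}
        if len(recent) >= SCAN_PEERS:
            return ts
    return None

def find_delayed_scanners(flows, lookback):
    """Map each host whose SMB sweep began within `lookback` after its first
    Tor connection to the delay between the two events."""
    first_tor, smb = {}, defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        if port in TOR_PORTS:
            first_tor.setdefault(src, ts)
        elif port == SMB_PORT:
            smb[src].append((ts, dst))
    hits = {}
    for src, events in smb.items():
        start, tor = sweep_start(events), first_tor.get(src)
        if start and tor and timedelta(0) <= start - tor <= lookback:
            hits[src] = start - tor
    return hits

if __name__ == "__main__":
    for hours in (1, 48):
        print(hours, "h look-back:", find_delayed_scanners(FLOWS, timedelta(hours=hours)))
```

With a one-hour look-back the same data produces no hits, while a 48-hour look-back flags only 10.0.0.5; the backup server's SMB fan-out is ignored because it never contacted Tor.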
Mr. Michael Patterson, CEO at security company Plixer, said: "By delaying it, malicious code works stealthily and makes the race to detect and prevent it more difficult."
Stampar said the malware even names itself after WannaCry to fool cyber security experts. Like the dangerous variants of WannaCry, EternalRocks has no kill switch, the mechanism that helped stop the early WannaCry, so it is not easy to block.
While infecting more and more computers, EternalRocks is still lying dormant. Stampar warned that it could attack at any time, much as WannaCry surprised the cyber security community when it infected thousands of computers simultaneously. Because of these characteristics, users cannot tell whether their device is infected with EternalRocks. It is unclear what kind of attack EternalRocks will carry out; Plixer said that it might turn into ransomware or a trojan.