Closed Warning !!! This is even more dangerous than "wannacry" !!! Read this !!!


paoloaztig

WannaCry has a new highly malicious successor, which has been identified as […] via SMB (Server Message Block). However, unlike WannaCry, which leveraged two of the leaked alleged NSA hacking tools, EternalRocks uses seven of the […].

The worm is highly potent, so much so that the security researcher who first discovered it – […], a member of the Croatian Government CERT – originally wanted to name it the DoomsDayWorm. Although EternalRocks shares several […], it has been designed to function far more secretly, in order to ensure that it remains undetectable.

EternalRocks uses 7 hacking tools and is more complex

EternalRocks uses six of the NSA's SMB-based cyber tools to infect systems. BleepingComputer reported that the NSA tools used by the worm are EternalBlue, EternalChampion, EternalSynergy and EternalRomance – all of which are SMB exploits used to hack into computers. The worm also leverages the two NSA SMB reconnaissance tools SMBTouch and ArchTouch to spy on infected computers. Finally, the worm spreads to other vulnerable systems using […].

The NSA tools were leaked by the Shadow Brokers hacker group in April, who, in the wake of the WannaCry attacks, threatened to dump ever more cyberweapons in the coming months. Security experts linked one of the exploits leaked by the Shadow Brokers, called EternalBlue, to the WannaCry attacks. Even as security researchers grappled with the ransomware outbreak and sought to stop further such attacks, Microsoft publicly slammed the NSA over its practice of stockpiling cyberweapons, blaming it for the widespread ransomware attacks.

According to Bleeping Computer's report, although EternalRocks does not currently spread malicious content and can be considered less dangerous than WannaCry, it is far more dangerous than its predecessor, according to Stampar.

EternalRocks uses a two-stage installation process as part of its attack, with the second stage coming with a delayed initiation. This is so the worm can function even more secretively and avoid detection.

During the first stage, EternalRocks infects a system, downloads Tor and beacons its C&C (command and control) server located on the Tor network, in the dark web. The second stage of the attack begins after 24 hours, when the C&C server responds. This delayed attack technique has likely been incorporated to hoodwink security experts analysing the worm.

Additionally, infected computers keep running DoublePulsar, which comes with a backdoor feature. The attackers have not taken measures to protect the DoublePulsar implant, which is currently running in a default and unprotected state. This means that other hackers could also use the backdoor to compromise systems already infected by EternalRocks to install further malware.

EternalRocks has no kill switch and can be weaponised

The worm can potentially be instantaneously weaponised with ransomware, banking Trojans or RATs, since it uses a broader range of exploits. Although the worm currently appears to be in the development and testing stage, the danger of this new attack technique becoming the next major cyber threat remains very real.

More importantly, EternalRocks, unlike WannaCry, does […], which was what security experts used to […]. This means that at present, there is no simple way to stop potential EternalRocks attacks.

SMB vulnerabilities have been increasingly targeted by hackers recently to launch large-scale attacks. New cyber threats leveraging SMB flaws continue to emerge every day. It is therefore essential that systems be patched immediately to run the most recent and updated version of the operating system.

"The worm is racing with administrators to infect machines before they patch," Stampar told Bleeping Computer in a private conversation. "Once infected, he can weaponise any time he wants, no matter the late patch."

http://www.ibtimes.co.uk/what-etern...mb-worm-that-uses-7-nsa-hacking-tools-1622675


http://thehackernews.com/2017/05/smb-windows-hacking-tools.html

 
If you just avoid downloading from or visiting suspicious sites, there's no problem. And sometimes viruses are made to scare or force you to update to the latest OS version, which sometimes costs a lot. So it's like a forced update, because you're afraid of getting a virus. Try to understand the principle. By the way, I'm off topic. Lol.
 
I just shared this, friends, because I know most of us here like to experiment on the internet and go to sites we're not supposed to visit ... Let this also serve as a warning to us, now that hackers are more clever and aggressive... Let's just be careful ...

Sir paoloaztig
First of all, I'm not a com. sci. or I.T. graduate, so I have a question :)

If my OS is the latest, like the newly released Windows 10, can I be affected by this virus (EternalRocks) if ever these hackers succeed with what they're working on and spread it?

(Anyone else who has an idea, please answer as well :) thanks)
 