The Broadband Guide
search advanced
 forgot password?

EternalRocks Worm Exploits 7 NSA Hacking Tools

2017-05-22 16:40 by
Tags: , ,


A few weeks after WannaCry ransomware started attacking users around the world, a new worm using NSA hacking tools has been discovered. This particular worm, called EternalRocks uses seven different NSA tools: EternalBlue, Eternalchampion, Eternalromance, Eternalsynergy, Doublepulsar, Architouch and SMBtouch.

EternalRocks worm uses flaws in the SMB Server Message Block (SMB) shares networking protocol to infect unpatched Windows systems. Unlike WannaCrypt, EternalRocks doesn't bundle a destructive malware payload, at least for now. The new nasty doesn't feature a kill switch domain either.

"For starters, EternalRocks is far more sneaky than WannaCry's SMB worm component. Once it infects a victim, the worm uses a two-stage installation process, with a delayed second stage," explained Bleeping Computer in their report.

During the first stage, EternalRocks installs TOR as a C&C communications channel. The second stage doesn’t begin immediately; instead, the C&C server waits 24 hours before responding with After that is unpacked, the EternalRocks worm begins scanning for open 445 ports on the internet and pushes the first stage of the malware through payloads.

According to Miroslav Stampar, who works at the Croatian Government's CERT:

"The worm is racing with administrators to infect machines before they patch. Once infected, he can weaponize any time he wants, no matter the late patch."

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About