Security News New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

D

Deleted member 178

Thread author
Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two.

The worm's existence first came to light on Wednesday, after it infected the SMB honeypot of Miroslav Stampar, member of the Croatian Government CERT, and creator of the sqlmap tool used for detecting and exploiting SQL injection flaws.
Click to expand...


note those lines:
During the first stage, EternalRocks gains a foothold on an infected host, downloads the Tor client, and beacons its C&C server, located on a .onion domain, the Dark Web.

Only after a predefined period of time — currently 24 hours — does the C&C server respond. The role of this long delay is most probably to bypass sandbox security testing environments and security researchers analyzing the worm, as very few will wait a full day for a response from the C&C server.
Click to expand...

Very smart...
 
Last edited by a moderator:
  • Like
Reactions: DJ Panda, Fritz, shmu26 and 12 others
S

soccer97

Level 11
Verified
May 22, 2014
517
Geze, Microsoft get to work and start pushing out patches or at least a temporary stopgap - Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.
 
  • Like
Reactions: Venustus, MiguelPratas819 and frogboy
M

MiguelPratas819

Level 2
Verified
Jul 8, 2015
80
soccer97 said:
Geze, Microsoft get to work and start pushing out patches or at least a temporary stopgap - Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.
Click to expand...
I know microsoft takes long time to fix known vulnerabilities but we need to have in mind that some vulnerabilities take time to fix even for a company of microsoft caliber because sometimes when changing code you have to change how things work. Now in this NSA thing specifically i wouldn´t blame microsoft but those who held back this security issues, maybe if they were reported earlier this wouldnt happen so easily.
 
  • Like
Reactions: soccer97, askmark and Handsome Recluse
D

Deleted member 178

Thread author
Problem is that those "vulnerabilities" aren't vulnerabilities, MS can't remove SMB1.0 because some lazy and stingy companies don't upgrade their hardwares and still use those obsolete protocols...you can't blame MS when its users don't behave properly...
 
  • Like
Reactions: soccer97 and DJ Panda
Atlas147

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
Using more exploits might not be as bad as using less, it really depends if the malware needs all 7 of these exploits to work.

Imagine if it does, then just patching 1 of the 7 vulnerabilities would render this malware useless.

MS should patch all 7 vulnerabilities nonetheless.
 
  • Like
Reactions: soccer97 and shmu26
DJ Panda

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
soccer97 said:
Geze, Microsoft get to work and start pushing out patches or at least a temporary stopgap - Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.
Click to expand...

It really isn't MS's fault at all. NSA should have reported the vulrabilities to MS rather then endanger hospitals..
 
You must log in or register to reply here.

Similar threads

upnorth
    • Like
    • +Reputation
WannaCry – The Worm That Just Won’t Die
Replies
4
Views
2,327
News Archive
ForgottenSeer 76546
F
upnorth
    • Like
    • Wow
Eternally Blue : Baltimore City Leaders Blame NSA for Ransomware Attack
Replies
11
Views
2,759
News Archive
Burrito
Burrito
Solarquest
    • Like
Security News New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
Replies
0
Views
1,455
News Archive
Solarquest
Solarquest

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top