Security News: New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

Deleted member 178 (Thread author)
Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two.

The worm's existence first came to light on Wednesday, after it infected the SMB honeypot of Miroslav Stampar, member of the Croatian Government CERT, and creator of the sqlmap tool used for detecting and exploiting SQL injection flaws.

Note those lines:
During the first stage, EternalRocks gains a foothold on an infected host, downloads the Tor client, and beacons its C&C server, located on a .onion domain on the Dark Web.

Only after a predefined period of time — currently 24 hours — does the C&C server respond. The role of this long delay is most probably to bypass sandbox security testing environments and security researchers analyzing the worm, as very few will wait a full day for a response from the C&C server.

Very smart...

soccer97
Geez, Microsoft, get to work and start pushing out patches, or at least a temporary stopgap. Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.
 

MiguelPratas819
soccer97 said:
Geez, Microsoft, get to work and start pushing out patches, or at least a temporary stopgap. Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.
I know Microsoft takes a long time to fix known vulnerabilities, but we need to keep in mind that some vulnerabilities take time to fix even for a company of Microsoft's caliber, because sometimes when changing code you have to change how things work. Now, in this NSA thing specifically, I wouldn't blame Microsoft but those who held back these security issues; maybe if they had been reported earlier this wouldn't have happened so easily.
 
Deleted member 178 (Thread author)
Problem is that those "vulnerabilities" aren't vulnerabilities. MS can't remove SMB1.0 because some lazy and stingy companies don't upgrade their hardware and still use those obsolete protocols... you can't blame MS when its users don't behave properly...
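Whatever one thinks of who is to blame, the SMB1 point above is where a defender can act today: the worm spreads over SMB, and an administrator does not have to wait for Microsoft to remove the protocol. The following is an added example, not code posted in this thread, showing how to audit which hosts still depend on SMBv1 and then turn it off on the server side. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later (the SmbShare and Dism modules ship with those versions); the older registry-based method is included as a comment for Windows 7 / Server 2008 R2.

```powershell
# Added example: audit and disable SMBv1 on a Windows host.
# Assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later.
# Nothing here targets EternalRocks specifically; it closes the protocol the worm rides in on.

# 1. Is the SMB server still willing to negotiate SMBv1?
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol

# 2. Is the optional SMBv1 component installed at all?
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol | Select-Object FeatureName, State

# 3. Before disabling anything, find out who would break. Sessions whose Dialect starts
#    with "1." are SMBv1 clients (old NAS boxes, printers, unpatched embedded systems);
#    these are the "don't upgrade their hardware" cases from the post above.
Get-SmbSession |
    Where-Object { $_.Dialect -like '1.*' } |
    Select-Object ClientComputerName, ClientUserName, Dialect

# 4. Stop negotiating SMBv1 on this server. Takes effect immediately, no reboot.
#    Clients listed in step 3 will lose access to this host's shares.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 5. Remove the SMBv1 component entirely (server and client side). Needs a reboot.
Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart

# 6. Verify the server setting after the change.
if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
    Write-Warning 'SMBv1 is still enabled on this host.'
} else {
    Write-Output 'SMBv1 disabled on the SMB server.'
}

# Windows 7 / Server 2008 R2 have no Set-SmbServerConfiguration; use the registry instead:
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
#       -Name SMB1 -Type DWORD -Value 0 -Force
# and reboot. Either way, keep TCP 445 blocked at the perimeter as well; disabling SMBv1
# removes the attack surface this worm uses but does nothing for hosts you have not touched yet.
```

Run steps 1 to 3 across the fleet first and act on the output; the session list is the evidence you need to find the devices that would justify keeping SMBv1 on, which is the same trade-off the post above is describing.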
 

Atlas147
Using more exploits might not be as bad as using fewer; it really depends on whether the malware needs all 7 of these exploits to work.

Imagine if it does, then just patching 1 of the 7 vulnerabilities would render this malware useless.

MS should patch all 7 vulnerabilities nonetheless.
 

DJ Panda
soccer97 said:
Geez, Microsoft, get to work and start pushing out patches, or at least a temporary stopgap. Sometimes it can take them a really long time to release patches (or stopgaps) for vulns that they know about.

This is just my personal opinion.

It really isn't MS's fault at all. The NSA should have reported the vulnerabilities to MS rather than endanger hospitals.
 
