A few days ago, we highlighted a new potential threat in the form of the EternalRocks SMB worm. What makes this worm so special is how it uses seven different NSA exploits to attack users. However, it looks as if this threat has come to an abrupt end, as the author of the malware has thrown in the towel. This does not mean the worm is no longer a potential threat, though, as it is unclear if the source code is out in the open.
EternalRocks Worm Developer Overwhelmed By Media Attention
It is evident a lot of media outlets – including The Merkle – have paid special attention to the EternalRocks SMB worm. That was only to be expected, as this malicious tool combined seven different NSA exploits to wreak havoc all over the world. Given the recent threat by the WannaCry ransomware, any malicious tool leveraging NSA tools is making quite a lot of media headlines these days.
Interestingly enough, it appears these media headlines have caused the EternalRocks SMB worm developer to get cold feet. More specifically, it seems the entire SMB worm operation has been shut down altogether all of a sudden. That is particularly good news for both security experts and consumers all over the world. However, this sudden change of heart also raises a lot of questions as to whether or not someone else has been given access to the source code in the process.
It appears the developer of EternalRocks has officially shut down the worm’s command & control server on Wednesday. To be more specific, the developer alerted everyone using the server’s web panel of how the worm is not ransomware, nor is it a real danger. EternalRocks was merely designed as a “game”, yet the overwhelming media coverage, made it seem like something the developer had never intended it to be. The worm itself has the capability of being weaponized through additional nefarious payloads, albeit that never actually happened.
What makes this whole ordeal even more interesting is how the MSB worm is still in circulation, albeit it only delivers a dummy executable. Once someone tries to run the executable in question, they will be greeted with an error message. Moreover, the current iteration of EternalRocks no longer downloads the shadowbrokers.zip exploit file, which means it can’t harm any computer. Moreover, even computers recently infected by this worm can no longer spread to other targets.
It is not the first time a developer of a nefarious tool suddenly shuts down the project without warning. Ransomware developers often tend to do so, mostly due to the growing media coverage or their tool becoming far less successful. Media coverage is not the ultimate goal for every internet criminal out there, that much is evident. Most criminals are in it for the publicity, yet the person responsible for the EternalRocks worm is not one of them.
The bigger question is whether or not someone got their hands on the EternalRocks source code. All of the NSA exploits used by this worm have been released by the Shadow Brokers already in the past few months. It wouldn’t take much effort to build a similar tool and weaponize it with a malware or a ransomware payload in the process. Any tool exploiting SMB weaknesses found in the Windows operating system should not be dismissed easily, even if the developer gives up on the project.
If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.