Categories: NewsSecurity

EternalRocks Worm Uses Six NSA-developed SMB Exploits to Infect Computers

The NSA vulnerabilities related to the Windows SMB exploit have proven to be quite problematic. Multiple types of ransomware are exploiting this issue with an astonishing rate of success so far. Unfortunately, it appears this vulnerability has also spawned a new worm spreading through the SMB protocol. This particular worm uses seven different NSA tools to cause as much havoc as possible. Rest assured this is only a sign of what is yet to come.

SMB Worm is A Very Big Problem For Windows Users

For the people who believed the WannaCry ransomware was the biggest concern, reality has a funny way of making things a lot worse than originally assumed. A new Windows worm is making use of the same SMB exploits abused by the WannaCry ransomware and a few other types of malicious software which have come to market in its wake. This new worm proves to be quite a big problem, though.

To be more specific, the worm makes use of not just two recently disclosed NSA exploits, but seven. WannaCry looks like a very small threat compared to the havoc this SMB worm is capable of causing right now. For the time being, researchers have dubbed this worm as “EternalRocks,” and it uses six different SMB-centric NSA tools to infected computers all over the world.

As one would expect, the EternalBlue exploit is one of the vulnerabilities, together with a few other exploits the

Related Post
NSA has developed in-house over the past few years. As soon as EternalRocks successfully infected a computer, it uses a seventh NSA exploit – dubbed DOUBLEPULSAR – to spread itself to other vulnerable machines. Stopping this worm in its tracks will be an incredibly difficult task, to say the least.

While security researchers agree EternalRocks is far more complex, they also seem to think this SMB worm is far less dangerous. It does not deliver malicious content such as ransomware or a keylogger right now, although that may only be a matter of time until this changes. It also appears the EternalRocks worm uses a Tor-based command & control server to communicate with once it successfully infected a computer. The response from this server will come 24 hours after the infected host sent information to the server. This delay should help bypass sandbox security.

Unfortunately, it doesn’t appear this SMB worm comes with a kill switch domain security researchers can use to shut it down. That could prove to be quite a problematic development, as stopping a worm with the potential of infecting millions of computers in a short amount of time only becomes more difficult now. Things will only get worse once this worm gets weaponized with a malicious payload. Rest assured some criminals will look to exploit this potential in the future.

Thinking EternalRocks is harmless is one of the biggest mistakes security experts can make right now. The current iteration does not come with a malicious payload, but it is also clearly a sample of what may come in the future. The DOUBLEPULSAR exploit can be used by other assailants who want to gain backdoor access to computers. It is evident the SMB protocol is causing a lot of security problems for Windows users right now, and solving this problem will prove to be a major challenge.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

2 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

2 hours ago

IntelMarkets (INTL) Receives Massive Demand From Chainlink And SUI Investors Looking To Position For The Best Bull Run Gains

As the cryptocurrency market gears up for a bull run, IntelMarkets (INTL) is attracting significant…

3 hours ago

FOMO Selling Trigger $1 Billion Liquidations as LINK & SOL Bleed Heavily; What to Do Next?

In the past, Chainlink (LINK) and Solana (SOL) have been among the most discussed altcoins…

8 hours ago

Qubetics $7.4M Presale Revolutionises Blockchain as Bitcoin and Chainlink Drive Innovation: Best Cryptos to Buy for 2025

The crypto market is abuzz with excitement as 2025 approaches. While Bitcoin continues to dominate…

14 hours ago

Best Altcoins to Buy Today: Why Qubetics’ Presale Could Be the Best Investment Opportunity of 2024

The cryptocurrency market never sleeps, and every day feels like an adventure. From household names…

20 hours ago