Posted May 23, 2017 EternalRocks, a new variant of malware leveraging the previously NSA-hoarded vulnerabilities that were dropped by the Shadow Brokers, has been seen making its rounds in the wild. This one could be a bit nastier than the big WCRY/WannaCry malware that blew up recently in the way it spreads. It uses the DoublePulsar, ArchiTouch, and SMBTouch tools. "Miroslav Stampar – a member of the Croatian Government CERT and author of the sqlmap tool used to detect and exploit SQL injection vulnerabilities – detected a new worm that exploits Windows Server Message Block (SMB) vulnerabilities. He named it EternalRocks and said it uses six SMB-specific NSA tools to spread, whereas WannaCry used only two to infect hundreds of thousands of computers across the globe. " "At this point, the malware doesn’t appear to be dropping ransomware or any other payload. But it could be paving the way for a future attack. " https://nakedsecurity.sophos.com/2017/05/22/after-wannacry-eternalrocks-digs-deeper-into-the-nsas-exploit-toolbox/ https://github.com/stamparm/EternalRocks Bottom line, keep your security patches up to date and use some common sense when it comes to email attachments. Link to comment Share on other sites More sharing options... Link to post Share on other sites More sharing options...