Jump to content

EternalRocks Malware

PineyCreek
By PineyCreek
in Tech News
 Share
Posted

EternalRocks, a new variant of malware leveraging the previously NSA-hoarded vulnerabilities that were dropped by the Shadow Brokers, has been seen making its rounds in the wild.  This one could be a bit nastier than the big WCRY/WannaCry malware that blew up recently in the way it spreads.  It uses the DoublePulsar, ArchiTouch, and SMBTouch tools.

 

"Miroslav Stampar – a member of the Croatian Government CERT and author of the sqlmap tool used to detect and exploit SQL injection vulnerabilities – detected a new worm that exploits Windows Server Message Block (SMB) vulnerabilities. He named it EternalRocks and said it uses six SMB-specific NSA tools to spread, whereas WannaCry used only two to infect hundreds of thousands of computers across the globe. "

 

"At this point, the malware doesn’t appear to be dropping ransomware or any other payload. But it could be paving the way for a future attack. "

 

https://nakedsecurity.sophos.com/2017/05/22/after-wannacry-eternalrocks-digs-deeper-into-the-nsas-exploit-toolbox/

 

https://github.com/stamparm/EternalRocks

 

Bottom line, keep your security patches up to date and use some common sense when it comes to email attachments.

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/
Share on other sites
Link to post
Share on other sites
Posted

Time to backup my array again. 

Magical Pineapples


 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875703
Share on other sites
Link to post
Share on other sites
Posted

Wannacry V4, preparing for take off!

One day I will be able to play Monster Hunter Frontier in French/Italian/English on my PC, it's just a matter of time... 4 5 6 7 8 9 12 years later: It's finally coming!!! I don't care anymore

Phones: iPhone 4S/SE | LG V10 | Lumia 920 | Samsung S24 Ultra

Laptops: Macbook Pro 15" (mid-2012) | Compaq Presario V6000

Other: Steam Deck

<>EVs are bad, they kill the planet and remove freedoms too some/<>

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875816
Share on other sites
Link to post
Share on other sites
Posted

i don't think they even know how it spreads, if you find a pc that has it completely isolate it, and never ever ever plug anything from that machine into another machine until we know more. there has been a shitton of eternalblue malwares floating around after the NSA leak, like literally 3 or 4 before the first iteration of wannacry v1 even launched.
https://thehackernews.com/2017/05/eternalblue-smb-exploit.html

 

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875833
Share on other sites
Link to post
Share on other sites
Posted

Meanwhile I'm still waiting to get my hands on a v2 infected laptop (courier should drop by this week I think).

Time to release some VMs into the wild and catch me some bugs!

Remember kids, the only difference between screwing around and science is writing it down. - Adam Savage

 

PHOΞNIX Ryzen 5 1600 @ 3.75GHz | Corsair LPX 16Gb DDR4 @ 2933 | MSI B350 Tomahawk | Sapphire RX 480 Nitro+ 8Gb | Intel 535 120Gb | Western Digital WD5000AAKS x2 | Cooler Master HAF XB Evo | Corsair H80 + Corsair SP120 | Cooler Master 120mm AF | Corsair SP120 | Icy Box IB-172SK-B | OCZ CX500W | Acer GF246 24" + AOC <some model> 21.5" | Steelseries Apex 350 | Steelseries Diablo 3 | Steelseries Syberia RAW Prism | Corsair HS-1 | Akai AM-A1

D.VA coming soon™ xoxo

Sapphire Acer Aspire 1410 Celeron 743 | 3Gb DDR2-667 | 120Gb HDD | Windows 10 Home x32

Vault Tec Celeron 420 | 2Gb DDR2-667 | Storage pending | Open Media Vault

gh0st Asus K50IJ T3100 | 2Gb DDR2-667 | 40Gb HDD | Ubuntu 17.04

Diskord Apple MacBook A1181 Mid-2007 Core2Duo T7400 @2.16GHz | 4Gb DDR2-667 | 120Gb HDD | Windows 10 Pro x32

Firebird//Phoeniix FX-4320 | Gigabyte 990X-Gaming SLI | Asus GTS 450 | 16Gb DDR3-1600 | 2x Intel 535 250Gb | 4x 10Tb Western Digital Red | 600W Segotep custom refurb unit | Windows 10 Pro x64 // offisite backup and dad's PC

 

Saint Olms Apple iPhone 6 16Gb Gold

Archon Microsoft Lumia 640 LTE

Gulliver Nokia Lumia 1320

Werkfern Nokia Lumia 520

Hydromancer Acer Liquid Z220

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875844
Share on other sites
Link to post
Share on other sites
Posted

*sigh* time to start using my air-gapped Windows ME machines. Though the lack of SMP really hurts my best rig.

           .;ldkO0000Okdl;.                michael@SUSE-BlackBox
        .;d00xl:^''''''^:ok00d;.            OS: openSUSE 20260405
      .d00l'                'o00d.          Kernel: x86_64 Linux 6.19.11-1-default
    .d0K^'  Okxoc;:,.          ^O0d.        Uptime: 2d 21h 52m
   .OVVAK0kOKKKKKKKKKKOxo:,      lKO.       Packages: 6556
  ,0VVAKKKKKKKKKKKKK0P^,,,^dx:    ;00,      Shell: bash 5.3.9
 .OVVAKKKKKKKKKKKKKk'.oOPPb.'0k.   cKO.     Resolution: 3840x1080
 :KVAKKKKKKKKKKKKKK: kKx..dd lKd   'OK:     DE: KDE
 lKlKKKKKKKKKOx0KKKd ^0KKKO' kKKc   lKl     WM: KWin
 lKlKKKKKKKKKK;.;oOKx,..^..;kKKK0.  lKl     GTK Theme: Breeze-Dark [GTK2], Breeze [GTK3]
 :KAlKKKKKKKKK0o;...^cdxxOK0O/^^'  .0K:     Icon Theme: breeze-dark
  kKAVKKKKKKKKKKKK0x;,,......,;od  lKP      Disk: 13T / 22T (60%)
  '0KAVKKKKKKKKKKKKKKKKKK00KKOo^  c00'      CPU: AMD Ryzen 7 5800X3D 8-Core @ 16x 4.55295GHz
   'kKAVOxddxkOO00000Okxoc;''   .dKV'       GPU: AMD Radeon RX 6700 XT (radeonsi, navi22, ACO, DRM 3.64, 6.19.11-1-default)
     l0Ko.                    .c00l'        RAM: 13127MiB / 48094MiB
      'l0Kk:.              .;xK0l'          
         'lkK0xc;:,,,,:;odO0kl'             
             '^:ldxkkkkxdl:^'    
 

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875848
Share on other sites
Link to post
Share on other sites
Posted
1 hour ago, Prysin said:

Thanks Obama

 

Spoiler

Quiet Whirl | CPU: AMD Ryzen 7 3700X Cooler: Noctua NH-D15 Mobo: MSI B450 TOMAHAWK MAX RAM: HyperX Fury RGB 32GB (2x16GB) DDR4 3200 Mhz Graphics card: MSI GeForce 3080 GAMING Z TRIO PSU: Corsair RMx Series RM750x Case: Be quiet! Pure Base 600

 

Buffed HPHP ProBook 430 G4 | CPU: Intel Core i3-7100U RAM: 4GB DDR4 2133Mhz GPU: Intel HD 620 SSD: Some 128GB M.2 SATA

 

Retired:

Melting plastic | Lenovo IdeaPad Z580 | CPU: Intel Core i7-3630QM RAM: 8GB DDR3 GPU: nVidia GeForce GTX 640M HDD: Western Digital 1TB

The Roaring Beast | CPU: Intel Core i5 4690 (BCLK @ 104MHz = 4,05GHz) Cooler: Akasa X3 Motherboard: Gigabyte GA-Z97-D3H RAM: Kingston 16GB DDR3 (2x8GB) Graphics card: Gigabyte GTX 970 4GB (Core: +130MHz, Mem: +230MHz) SSHD: Seagate 1TB SSD: Samsung 850 Evo 500GB HHD: WD Red 4TB PSU: Fractal Design Essence 500W Case: Zalman Z11 Plus

 

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9875978
Share on other sites
Link to post
Share on other sites
Posted

Oho, the dude is from my country, nice.

But yeah so much shitshow with ransomware lately and it goes on.

| CPU: Ryzen 7 7800X3D | MOBO: AM5 B650 Aorus Elite AX | RAM: G.Skill Trident Z5 Neo RGB DDR5 32GB 6000MHz C30 | GPU: Sapphire PULSE Radeon RX 7900 XTX | SSD: Samsung 9100 PRO 1TB with heatsink | Cooler: Arctic Liquid Freezer II 360 | PSU: Seasonic Focus GX-850 | Case: Lian Li Lanccool III | Mousepad: Zowie GTF-X  / Vaxee PC / PA / Artisan Raiden Mid XXL| Mouse: Vaxee XE wired / Hitscan Hyperlight | Keyboard: Wooting 80HE zinc alloy raw - geon raw HE switches | Headset: Beyerdynamic MMX 300 (2nd Gen) | Monitor: LG 32GS95UV-B OLED 4K 240Hz / 1080p 480Hz dual-mode | OS: Windows 11 |

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9878468
Share on other sites
Link to post
Share on other sites
Posted

Pc is down right now, guess I will leave it off for a few days. 

COMMUNITY STANDARDS   |   TECH NEWS POSTING GUIDELINES   |   FORUM STAFF

LTT Folding Users Tips, Tricks and FAQ   |   F@H & BOINC Badge Request   |   F@H Contribution    My Rig   |   Project Steamroller

I am a Moderator, but I am fallible. Discuss or debate with me as you will but please do not argue with me as that will get us nowhere.

 

Spoiler

Character is like a Tree and Reputation like its Shadow. The Shadow is what we think of it; The Tree is the Real thing.  ~ Abraham Lincoln

You have enemies? Good. That means you've stood up for something, sometime in your life.  ~ Winston Churchill

Reputation is a Lifetime to create but takes only seconds to destroy.

Docendo discimus - "to teach is to learn"

 

  

 CHRISTIAN MEMBER 

 
 
 
 
 
 

 

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9879832
Share on other sites
Link to post
Share on other sites
Posted
18 hours ago, Prysin said:

Thanks Obama

it started long before him. He was just the last to not stop it. 

Good luck, Have fun, Build PC, and have a Wii and PS2 as your only consoles.

NightHawk 3.0: R7 5700x @, B550A vision D, H105, 2x32gb Oloy 3600, Asrock RX9070xt Steel Legends, Corsair RM750X, 500gb 850 evo, 2tb rocket and 5tb Toshiba x300, 3x 6TB WD Black W10 all in a Obsidian 750D airflow.
GF PC: (NightHawk 2.0): R7 2700x, B450m vision D, 4x8gb Geli 2933, Sapphire RX 6700XT  Nitro+, CX650M RGB, Obsidian 350D

Skunkworks: R5 3500U, 16gb, 500gb 860 evo, Vega 8. HP probook G455R G6 Ubuntu 20. LTS

Condor (MC server): 6600K, z170m plus, 16gb corsair vengeance LPX, samsung 750 evo, EVGA BR 450.

Spirt  (NAS) ASUS Z9PR-D12, 2x E5 2620V2, 8x4gb, 24 3tb HDD. F80 800gb cache, trueNAS, 2x12disk raid Z3 stripped

HP probook 445R G6 review

 

"Stupidity is like trying to find a limit of a constant. You are never truly smart in something, just less stupid."

Camera Gear: X-S10, 16-80 F4, 35mm F1.4, Helios 44

Link to comment
https://linustechtips.com/topic/783504-eternalrocks-malware/#findComment-9880216
Share on other sites
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×