Seven NSA cyberweapons, including four Windows SMB exploits, have been combined to create the EternalRocks malware....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
What are the exploits used by EternalRocks, and how is it similar to the WannaCry ransomware worm?
Windows networking has been a scourge to the internet since the first Windows machine on a local network connected to the web. Windows networking still uses the server message block (SMB) protocol, and it was designed for local networks, but enterprises continue to expose their systems with SMB access open to the internet. Most enterprises block inbound and outbound Windows networking packets because of malware like Sircam, Nimda and many others, but when firewalls go down, internal systems can be infected.
Penetration testers and attackers are very aware of the insecurities in Windows networking. Still, one of the NSA exploits -- EternalBlue -- used in its EternalRocks malware, exploited a vulnerability in SMB v1 that could have been blocked by a border firewall filtering SMB traffic. The other SMB exploits included in the malware are EternalChampion, EternalRomance and EternalSynergy; EternalRocks also includes other NSA cyberweapons, such as the DoublePulsar exploit for implanting backdoors.
The EternalRocks malware kit wasn't just a Windows networking worm, but also included functionality to download additional code and connect to a command-and-control server for future commands. The initial exploit is very important in order to get initial access to a system, but the later stages of the attack are potentially the most important to defend against, and they have the most impact.
The EternalBlue exploit used by the EternalRocks malware is also used in the WannaCry ransomware worm, but WannaCry takes the next step with malicious action on the endpoint via ransomware. EternalRocks has no ransomware or malicious payloads and only spreads itself on systems and devices. Exploit kits, even security tools like Metasploit and other commercial tools, have much of the same functionality and could include these exploits into their toolkits.
Find out why computer worms like WannaCry continue to pose a threat
Learn why the WannaCry outbreak should prompt hospitals to up their security game
Read about how the NSA balances vulnerability disclosure and national security
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is ...continue reading
Kaspersky Lab recently accused Windows 10 of acting as an antivirus block to third-party antimalware software. Discover how your software is being ...continue reading
QakBot malware triggered hundreds of thousands of Microsoft Active Directory account lockouts. Discover the malware's target and how these attacks ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.