In mid-May, researchers found malware that may be far more dangerous than the recent WannaCry ransomware. It too arose from stolen National Security Agency (NSA) tools, but it isn’t ransomware. It can be stealthy: it can sit on an infected device and wait for commands from its master that turn it into the next cyber weapon. It was found by a Croatian security researcher and recently reported by Bleeping Computer. It’s being called EternalRocks.
This one takes advantage of the same Windows vulnerability as WannaCry. What does that mean? It means that if WannaCry didn’t scare you enough, this one should. If you have any Windows machines that are not patched with the updates Microsoft released months ago for this vulnerability, you should definitely get on it. Microsoft even released a special patch for Windows XP and other versions of its operating system that it no longer supports.
However, if you are still using an unsupported operating system, consider upgrading to one that is supported. There is no guarantee that special consideration will be given the next time something like this happens. And this newest discovery only demonstrates that the exploitation of the cyber tools stolen from the NSA is not over. More malware will likely be headed our way soon.
EternalRocks is different from WannaCry in many ways:
- There is no “kill switch” allowing it to be shut down quickly.
- It is not ransomware.
- It can lurk in the background and wait for remote commands without being detected.
- It uses six tools from the stash of cyber weapons stolen from the NSA, including EternalChampion, EternalRomance, and one that was also used in WannaCry, DoublePulsar.
So far there is no indication that it has spread very far, but that is no reason not to take it seriously.