Eternal Rocks Network Worm – A Complete User Guide
EternalRocks is a new worm, which uses seven leaked NSA hacking tools to do crime over the network. It is a potential threat that has even worse effects than the previously discovered virus. However, it has similar characteristics with the popular ransomware. Thus, it is important to make users aware of this malware i.e. Eternal Rocks Network worm.
The researchers of cyber security have identified a potential successor of the last worm, which is commonly known as EternalRocks malware. It is a type of malware discovered by Miroslav Stampar from the Croatian Government’s CERT and caught in an SMB honeypot. It means, it is a type of worm, which exploits the same SMB vulnerability in the Windows as done by the previous virus. But the problem is that it is more advanced, problematic and sophisticated than the last ransomware. Moreover, it is a self-replication malware that can spread very fast in the cloud where it is not visible to anyone due to organization network traffic. Apart from all this, EternalRocks worm does not have a kill switch to stop the running code.
Seven Different NSA Tool used by Eternal Rocks Network Worm
Another most worrying thing is unlike the last virus, which uses two NSA hacking tools EternalRocks malware uses utilizes seven different NSA hacking tools, which are listed below:
- EternalBlue — SMBv1 exploit tool
- EternalRomance — SMBv1 exploit tool
- EternalChampion — SMBv2 exploit tool
- EternalSynergy — SMBv3 exploit tool
- SMBTouch — SMB reconnaissance tool
- ArchTouch — SMB reconnaissance tool
- DoublePulsar — Backdoor Trojan
This worm will download all the above-listed SMB exploits on the infected computer and after that, it scans the internet to find the open SMB ports on other systems to attack. All these are the bad hacking tools that will result in worse consequences after the Eternal Rocks attack. But among all the EternalBlue and DoublePulsar are the most worse that make this worm spread over the network as fast as possible.
How Does EternalRocks Worm Work Exactly?
EternalRocks virus has no malicious component, it simply uses two stage process to spread itself over a period of 24-hour.
First Stage: In the first stage, Eternal Rocks Network worm infects the most vulnerable system that is running on the Windows operating system, which has not been spotted to resolve the MS17-010 vulnerability.
Apart from this, in the first stage, it downloads the Tor web browser on the vulnerable system and all necessary .NET components drops an executable file used to download, install and run the Tor web browser with command and control (C&C) communications.
Second Stage: After 24 hours the second-stage is downloaded, which later on become invisible as the taskhost.exe process. It uses Tor Browser to download all other executable files using .onion domain and after that download the NSA exploits. Then, it installs all the contained directories payloads/, configs/, and bins/ and begin a random scan of 445 opened SMB ports over the internet. As the scanning process completes, the EternalRocks malware spread itself to another vulnerable system quickly.
More About Eternal Rocks Network Worm Harmful Effects
EternalRocks malware till now is an experimental worm, it can either be used as a harmless worm for research purposes or can be used to effect vulnerable systems badly. However, EternalRock virus till now does not come with malicious payloads but gives a clear a clear hint of what can happen in future if it is spread as the most dangerous malware.
What Security Measures to be Used?
There are various preventions that one can have to avoid Eternal Rocks network worm. All of them are discussed below:
- Block SMB ports external access over the public Internet
- Make sure that you patch all SMB vulnerabilities.
- To avoid this attack, you can also block access to Command & Control Communications
- One need to block access to Torproject.org also.
- You need to monitor the newly added scheduled tasks to locate Eternal Rocks worm attack.
- Try to detect DoublePulsar using any script available online.
- Please ensure that DatAlert Analytics is up to date that monitors your organization to locate any insider threats.
- Apart from all this, the prevention that must be performed is to backup all your important data on regular basis and store it on other safe location on another system.
The Bottom Line
As the technology increases the user’s benefits, the harmful virus, and malware attack also increasing to destroy it. Among all popular virus attack, EternalRocks malware is the newly discovered network worms. As NSA hacking tool attacks on the Windows SMB exploit has proven to be quite problematic, multiple types of ransomware came in the market to affect the network badly. Earlier, a so much harmful malware was discovered, now its successor EternalRocks worm has emerged with more than worse effect if it starts attacking the vulnerable systems. Thus, here in this post, all deep knowledge of Eternal Rocks network worm is discussed. Moreover, to prevent this attack, various security measures are also suggested that one can perform easily.