New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two

An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload. EternalRocks is far more complex than WannaCry’s SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers as to its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received. Last but not least, the worm does not have a killswitch domain, which means the worm can’t be stopped unless its author so desires. Because of the way it was designed, it is trivial for the worm’s owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo. Ars Technica quotes security researchers who say “there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April… These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch.”

Read more of this story at Slashdot.


Slashdot
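A practical follow-up to the Ars Technica point in the story above, that endpoints can still carry the DOUBLEPULSAR implant after the SMB patch is installed: the public DOUBLEPULSAR checks (Countercept's detect_doublepulsar_smb.py, nmap's smb-double-pulsar-backdoor script) send an SMB1 Trans2 SESSION_SETUP "ping" to port 445 and inspect the Multiplex ID of the reply, because the implant answers with MID 0x51 where a clean host simply echoes the request's MID (0x41 by those scripts' convention). The Python below is an added example, not code from the story, the EternalRocks research or the linked IOC repository. It builds a 32-byte SMB1 header and classifies a reply by its MID, with constructed sample replies (not captured traffic) so it runs offline; the flags values in the header builder are placeholders, and the MID constants are taken from the public detection scripts, not from this page.

```python
import struct

# On-the-wire layout of an SMB1 message:
#   4-byte NetBIOS session header (type 0x00 + 3-byte big-endian length),
#   followed by a 32-byte SMB header. The Multiplex ID (MID) is the last
#   2 bytes of that header, i.e. bytes 34..35 of the packet, little-endian.
NBT_HEADER_LEN = 4
SMB_HEADER_LEN = 32
SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
MID_OFFSET = NBT_HEADER_LEN + 30

# MIDs seen in the reply to the Trans2 SESSION_SETUP ping (values from the
# public detection scripts, an assumption as far as this page goes):
# a clean host echoes the request MID (0x41); the DOUBLEPULSAR implant
# answers 0x51 regardless.
MID_CLEAN = 0x41
MID_DOUBLEPULSAR = 0x51


def build_smb1_header(command, mid, tid=0, pid=0xFEFF, uid=0):
    """Return a 32-byte SMB1 header (no NetBIOS prefix). Flags are placeholders."""
    return (
        SMB_MAGIC
        + struct.pack("<B", command)
        + struct.pack("<I", 0)          # NT status
        + struct.pack("<B", 0x18)       # flags (placeholder)
        + struct.pack("<H", 0xC007)     # flags2 (placeholder)
        + struct.pack("<H", 0)          # PID high
        + b"\x00" * 8                   # security signature
        + struct.pack("<H", 0)          # reserved
        + struct.pack("<HHHH", tid, pid, uid, mid)
    )


def wrap_netbios(smb_payload):
    """Prefix an SMB message with the 4-byte NetBIOS session header."""
    return b"\x00" + struct.pack(">I", len(smb_payload))[1:] + smb_payload


def build_ping_header():
    """Header of the Trans2 ping request: command 0x32, MID 0x41."""
    return wrap_netbios(build_smb1_header(SMB_COM_TRANSACTION2, MID_CLEAN))


def classify_trans2_response(packet):
    """Classify a raw reply to the ping by its Multiplex ID.

    Returns one of: "malformed", "not-smb1", "not-trans2",
    "doublepulsar", "clean", "unknown".
    """
    if len(packet) < NBT_HEADER_LEN + SMB_HEADER_LEN:
        return "malformed"
    if packet[0] != 0x00:                       # NetBIOS session message
        return "malformed"
    declared = int.from_bytes(packet[1:4], "big")
    if declared != len(packet) - NBT_HEADER_LEN:
        return "malformed"
    if packet[4:8] != SMB_MAGIC:                # SMB2 (\xfeSMB) or junk
        return "not-smb1"
    if packet[8] != SMB_COM_TRANSACTION2:
        return "not-trans2"
    mid = struct.unpack_from("<H", packet, MID_OFFSET)[0]
    if mid == MID_DOUBLEPULSAR:
        return "doublepulsar"
    if mid == MID_CLEAN:
        return "clean"
    return "unknown"


# Constructed sample replies: header plus an empty Trans2 body
# (WordCount 0, ByteCount 0). They differ only in the MID.
SAMPLE_CLEAN = wrap_netbios(
    build_smb1_header(SMB_COM_TRANSACTION2, MID_CLEAN) + b"\x00\x00\x00")
SAMPLE_DOUBLEPULSAR = wrap_netbios(
    build_smb1_header(SMB_COM_TRANSACTION2, MID_DOUBLEPULSAR) + b"\x00\x00\x00")
SAMPLE_SMB2 = wrap_netbios(b"\xfeSMB" + b"\x00" * 60)

if __name__ == "__main__":
    for name, pkt in (("clean", SAMPLE_CLEAN),
                      ("implanted", SAMPLE_DOUBLEPULSAR),
                      ("smb2", SAMPLE_SMB2)):
        print(name, "->", classify_trans2_response(pkt))
```

Two caveats for anyone turning this into a scanner. The ping must be preceded by SMB negotiate, session setup and a tree connect to IPC$ (not shown here), and it only covers the SMB flavour of the implant on port 445. The implant is memory-resident, so a reboot removes it: a "clean" answer says nothing about whether the host was already compromised, while a "doublepulsar" answer means the host is open to anyone who sends the right Trans2 request, which is the hijack risk the story describes.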

So Here's Seven Hours Of Driving Through A Rainstorm

This video does not make us feel relaxed, like most rain sounds do, nor is it particularly interesting. The best way to describe how this video makes us feel is that we feel “safe.” It’s a sort of calm alertness. Hit play and see for yourself.
Digg Top Stories

DARPA’s $4M Cyber-Threat Clash Down To Seven Challengers

coondoggie writes: When it began a year ago, there were 104 teams competing for $4 million in prize money in the Defense Advanced Research Projects Agency (DARPA)’s ambitious tournament — known as the Cyber Grand Challenge (CGC) — to see who can build the best fully automatic network defense system. This week DARPA said that after a couple of dry runs and a significant qualifying event the field of CGC teams is down to seven who will now compete in the final battle slated to take place at DEFCON in Las Vegas in August 2016.
