Follow-up to WannaCry malware shaping up to be a real tear-jerker

Think WannaCry was bad? Well, something worse is in the pipeline, and that impending, far bigger threat has a name: EternalRocks.

EternalRocks is aimed at the same vulnerability which WannaCry leveraged to spread itself so widely, and as Bleeping Computer reports, it’s a worm that propagates itself via SMB (Server Message Block – a file sharing protocol in Windows). If your system hasn’t had that flaw patched, it’s open to exploit.

The difference is that while WannaCry used a pair of NSA hacking tools to spread and install malware, EternalRocks has a further five NSA tools in its malicious toolbox, making a total of seven. This makes it more dangerous in terms of being able to potentially infect more PCs in an even swifter manner than WannaCry managed.

However, as Miroslav Stampar, the security researcher who discovered the new threat, observes, the good news – such as it is – is that EternalRocks has not yet been weaponized.

In other words, it doesn’t currently have a malware payload, meaning that the version discovered in the wild simply doesn’t do anything at the moment.

But EternalRocks could easily be loaded up with ransomware, as with WannaCry, or perhaps a stealthier piece of nastiness such as a Trojan to hoover up your bank login details (whatever the architect of the malware wants, basically).

And unfortunately, EternalRocks is considerably more sophisticated than WannaCry on an overall level, using a two-part installation routine which delays the second stage of infection in order to be less likely to get detected by security measures. There’s no kill switch here, either, so no way of shutting the thing down as happened in the case of WannaCry.

World of hurt

In short, when this new strain of SMB-leveraging malware is let loose, we could be in for a world of hurt – a tidal wave of infections which makes WannaCry look like a lazily flowing stream in comparison.

Microsoft will doubtless argue that all this is a good reason to upgrade to Windows 10, given that it has emerged that 98% of those affected by WannaCry were running Windows 7 (so Windows XP wasn’t the worst hit operating system as previously thought).

But those Windows 7 PCs were infected because they weren’t up to date with the latest security patches, with Microsoft already having issued a fix for this exploit back in March. All this is certainly plenty of motivation to keep on top of security patches, if you needed any more prodding in that respect.

Also remember that Shadow Brokers, the group of hackers responsible for leaking the aforementioned NSA tools, has promised that from next month, it will leak fresh tools and exploits to help malicious types crack desktop systems and smartphones.

It’s also worth bearing in mind that some nefarious types are offering up solutions for WannaCry which are actually malware themselves. As Easy Solutions pointed out in a blog post: “There are various mobile applications advertising that they can be used to protect users from the WannaCry ransomware. However, our analysts found that some of these apps contained adware meant to infect the devices they are downloaded onto. Rather than protecting users’ devices, they are causing them harm.”

All in all, it’s a bit of a malware minefield out there right now. We’ve got some advice on fighting ransomware here, and if you need further help, you can also check out the No More Ransom website which offers plenty of advice on what you should do if infected (and why you shouldn’t attempt to pay the attackers – which we also discuss).

Via: Fortune