2017-05-20: New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two (bleepingcomputer.com)
An anonymous reader writes: Researchers have detected a new worm that is spreading via SMB, but unlike the worm component of the WannaCry ransomware, this one is using seven NSA tools instead of two. Named EternalRocks, the worm seems to be in a phase where it is infecting victims and building its botnet, but not delivering any malware payload.
EternalRocks is far more complex than WannaCry's SMB worm. For starters, it uses a delayed installation process that waits 24 hours before completing the install, as a way to evade sandbox environments. Further, the worm also uses the exact same filenames as WannaCry in an attempt to fool researchers about its true origin, a reason why the worm has evaded researchers almost all week, despite the attention WannaCry payloads have received.
Last but not least, the worm does not have a killswitch domain, which means the worm can't be stopped unless its author desires so. Because of the way it was designed, it is trivial for the worm's owner to deliver any type of malware to any of the infected computers. Unfortunately, because of the way he used the DOUBLEPULSAR implant, one of the seven NSA hacking tools, other attackers can hijack its botnet and deliver their own malware as well. IOCs are available in a GitHub repo.
Ars Technica quotes security researchers who say "there are at least three different groups that have been leveraging the NSA exploit to infect enterprise networks since late April... These attacks demonstrate that many endpoints may still be compromised despite having installed the latest security patch."
Your computer have virus.
Sure Windows, you sound legit with your Indian accent. Access as needed. O.....sorry I'm not paying. Btw, you're also locked in a virtualized Windows platform on Debian. Thanks for playing
Windows is sand-boxed inside of a VM instance for me.
You've got worm! - AOL
Be sure to spin rhetoric about "NSA" and "CIA" freakouts harder than the actual technical details, as usual!
Why shouldn't we? The technical details are not of interest to a general audience, and are already available to those who do have a vested interest.
The bottom line, however, is that the NSA knowingly endangered the entire country by failing to disclose vulnerabilities in our digital infrastructure. The "it's not their job" argument is bullshit. They acted unethically (to put it way too mildly), and the people who pay their salaries are now being hacked because of it.
Not cool.
Why? Is there not enough information to fill the 24 hour news cycle with Trump in the US, Erdogan in Turkey, the Brexit in Europe, ad infinitum...
Or, and I don't have the tinfoil hat on but it's out of the drawer, will these be used to somehow shunt internet freedoms as the powers that be protect us from another Boogeyman.
Why has the NSA, who know exactly what weaponized exploits were broadcast to the world... why has the NSA not offered up any antidotes to their now-public weaponization of a bunch of sploits?
They could swoop in and try to look like the hero here, but there's been no sign of that. Not a peep from the NSA.
Are they just making popcorn and watching the fallout because they think they are computer GODS, enjoying watching the plebes fight all of these forthcoming worms and trojans just to get themselves off b