Hacker News: Newly Found Malware Uses 7 NSA Hacking Tools, Where WannaCry Uses 2


A security researcher has identified a new strain of malware that, like WannaCry, spreads itself by exploiting flaws in the Windows SMB file-sharing protocol. Unlike the WannaCry ransomware, which uses only two of the leaked NSA hacking tools, it uses all seven.

Last week, we warned you about multiple hacking groups exploiting leaked NSA hacking tools, but almost all of them were making use of only two tools: EternalBlue and DoublePulsar.

Now, Miroslav Stampar, the security researcher who created the well-known ‘sqlmap’ tool and is now a member of the Croatian Government CERT, has discovered a new network worm, dubbed EternalRocks, which is more dangerous than WannaCry and has no kill-switch.

Unlike WannaCry, EternalRocks seems to be designed to function secretly in order to ensure that it remains undetectable on the affected system.

However, Stampar learned of EternalRocks after it infected his SMB honeypot.

The NSA tools used by EternalRocks, which Stampar called “DoomsDayWorm” on Twitter, include:

  1. EternalBlue — SMBv1 exploit tool
  2. EternalRomance — SMBv1 exploit tool
  3. EternalChampion — SMBv2 exploit tool
  4. EternalSynergy — SMBv3 exploit tool
  5. SMBTouch — SMB reconnaissance tool
  6. ArchTouch — SMB reconnaissance tool
  7. DoublePulsar — Backdoor Trojan

As we have mentioned in our previous articles, SMBTouch and ArchTouch are SMB reconnaissance tools, designed to scan for open SMB ports on the public internet.


EternalBlue, EternalChampion, EternalSynergy and EternalRomance, on the other hand, are SMB exploits designed to compromise vulnerable Windows computers.

DoublePulsar is then used to spread the worm from one affected computer to other vulnerable machines across the same network.

Stampar found that EternalRocks disguises itself as WannaCry to fool security researchers, but instead of dropping ransomware, it gains unauthorized control of the affected computer in order to launch future cyber attacks.

Here’s How the EternalRocks Attack Works:

EternalRocks installation takes place in a two-stage process.

During the first stage, EternalRocks downloads the Tor web browser on the affected computers, which is then used to connect to its command-and-control (C&C) server located on the Tor network on the Dark Web.

“First stage malware UpdateInstaller.exe (got through remote exploitation with second stage malware) downloads necessary .NET components (for later stages) TaskScheduler and SharpZLib from the Internet, while dropping svchost.exe (e.g. sample) and taskhost.exe (e.g. sample),” Stampar says.

According to Stampar, the second stage comes with a delay of 24 hours in an attempt to avoid sandboxing techniques, making the worm infection undetectable.

After 24 hours, EternalRocks responds to the C&C server with an archive containing the seven Windows SMB exploits mentioned above.

“Component svchost.exe is used for downloading, unpacking and running Tor from archive.torproject.org along with C&C (ubgdgno5eswkhmpy.onion) communication requesting further instructions (e.g. installation of new components),” Stampar adds.

All seven SMB exploits are then downloaded to the infected computer. EternalRocks then scans the internet for open SMB ports in order to spread itself to other vulnerable systems.
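The behaviour described above (a 24-hour-delayed Tor download, contact with the named .onion C&C, and outbound SMB scanning of the internet) is what a defender can look for in network logs. The following is an added example, not code from the article or from Stampar; it runs three heuristics over constructed connection records of the form `src -> dst:port`. The Tor host and the .onion name come from the article; the fan-out threshold of 20 distinct external targets on port 445 is an assumed cut-off.

```python
"""Detection heuristics for EternalRocks-style worm behaviour (added example)."""
from collections import defaultdict
import ipaddress

TOR_HOST = "archive.torproject.org"      # Tor download source named in the article
C2_ONION = "ubgdgno5eswkhmpy.onion"      # C&C address named in the article
SCAN_THRESHOLD = 20  # distinct external hosts on 445 from one source (assumed cut-off)


def build_sample_log():
    """Constructed connection records 'src -> dst:port'; not real traffic."""
    # One internal host fanning out to 60 distinct public addresses on 445.
    lines = [f"10.0.0.5 -> 45.33.{i // 250}.{i % 250 + 1}:445" for i in range(60)]
    lines += ["10.0.0.7 -> 10.0.0.9:445"] * 2          # normal LAN file sharing
    lines += [f"10.0.0.5 -> {TOR_HOST}:443", f"10.0.0.5 -> {C2_ONION}:80"]
    lines += ["10.0.0.8 -> 45.33.9.9:443"]             # ordinary single web connection
    return lines


def parse(line):
    """Split 'src -> dst:port' into (src, dst, port)."""
    src, rest = line.split(" -> ")
    dst, port = rest.rsplit(":", 1)
    return src.strip(), dst.strip(), int(port)


def is_external(dst):
    """True for public IPs and for any hostname (including .onion names)."""
    try:
        ip = ipaddress.ip_address(dst)
    except ValueError:
        return True
    return not (ip.is_private or ip.is_loopback)


def analyze(lines):
    """Return the set of source hosts that trip each heuristic."""
    fanout = defaultdict(set)
    findings = {"smb_scanners": set(), "tor_download": set(), "c2_contact": set()}
    for line in lines:
        src, dst, port = parse(line)
        if port == 445 and is_external(dst):       # worm-style SMB probing of the internet
            fanout[src].add(dst)
        if dst == TOR_HOST:                         # first-stage Tor fetch
            findings["tor_download"].add(src)
        if dst.endswith(C2_ONION):                  # C&C communication
            findings["c2_contact"].add(src)
    for src, targets in fanout.items():
        if len(targets) >= SCAN_THRESHOLD:
            findings["smb_scanners"].add(src)
    return findings
```

In practice the same logic applies to firewall or NetFlow exports once the records are normalised to the `src -> dst:port` shape; a host that trips all three heuristics is a strong candidate for isolation.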

There is a lot more chaos still to come!

If you are following The Hacker News coverage of the WannaCry ransomware and the Shadow Brokers leaks, you will be aware of the hacking collective’s new announcement that it will release new zero-days and exploits for web browsers, smartphones, routers, and the Windows operating system, including Windows 10, starting next month.

Exclusive access to the upcoming leaks of zero-days and exploits would be given to those buying a subscription to its ‘Wine of Month Club.’ However, the Shadow Brokers have not yet announced the price of the subscription.

Since hackers and state-sponsored attackers are currently waiting for new zero-days to exploit, there is very little you can do to protect yourself from the upcoming cyber attacks.


Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

Lada Ray predictions and Ukraine timeline: Can it become part of Israel? Will Russia invade?

“However, there has been a slight shift in the timeline reality due to Kiev junta holding on to power for dear life and due to the US/EU establishment and shadow forces continuing its support.”

Lol, the same conditions apply for the US/EU as the West is also running out of time. Who else would be dumb enough to support the ailing petrodollar?
I see Saudi Arabia wants to be paid in arms!

http://www.cnbc.com/2017/05/20/us-saudi-arabia-seal-weapons-deal-worth-nearly-110-billion-as-trump-begins-visit.html

US collapse would be slow and painful, dragged out kickin’ and screamin’, bare knuckle brawl… just as u’ve predicted!

Sorry Ukraine, Uncle Sam no longer has your back!

Futurist Trendcast

Some important follow-ups to my latest: Heil Poroshenko! Ukraine junta bans Russian SM, prepares to ban Russian Orthodox Church.

First, an update and some rare good news from Ukraine! Under pressure from the international community and from Ukraine’s own citizens, for now the Ukraine Rada did not pass the proposed Russian Orthodox Church ban. It has been widely warned that such a ban would generate an all-out religious war in Ukraine.

The pressure on Ukraine not to adopt such a shameful and anti-democratic law has been very tough. Even the Pope got involved, strongly advising against it. However, it’s early to rejoice. They will continue coming after the Russian churches and after everything Russian for as long as this junta is in power. We have seen this dance and song before, say, in the renaming of the streets and cities in Ukraine. Or take the visa regime with Russia – it…


Untold Origins of the Federal Reserve

sentinelblog

Source: LFB.org, by Chris Campbell

“Progressive” is often a word we hear bandied about to describe very destructive things.

It’s “progressive,” for example, to believe taking responsibility for your individual thoughts, words and actions is a fool’s errand. When taken to its extreme, as it often is, many self-described progressives believe you are responsible for the actions, past and present, of your “group” — and such group, whether you like it or not, is decided for you without your input.

And based on what group you are in, you are more responsible for some things and less responsible for others.

So, says the uber-progressive, your individual actions don’t matter. The core of your being is morally relative. You are defined not by your peers, principles and actions — but by the things you can’t possibly choose. You are judged, rather, by those things outside of your control and those…


UK Government Moves Aggressively to Censor and Control the Internet

Source: https://libertyblitzkrieg.com/2017/05/19/uk-government-moves-aggressively-to-censor-and-control-the-internet/

I’ve got family in town, so today’s post will be brief.

I’ll just leave you with the following dystopian excerpts from today’s UK Independent article titled, Theresa May to Create New Internet that Would Be Controlled and Regulated by Government:

Theresa May is planning to introduce huge regulations on the way the internet works, allowing the government to decide what is said online.

Particular focus has been drawn to the end of the manifesto, which makes clear that the Tories want to introduce huge changes to the way the internet works.

“Some people say that it is not for government to regulate when it comes to technology and the internet,” it states. “We disagree.”

Thanks for clearing that up.

Senior Tories confirmed to BuzzFeed News that the phrasing indicates that the government intends to introduce huge restrictions on what people can post, share and publish online.

The plans will allow Britain to become “the global leader in the regulation of the use of personal data and the internet”, the manifesto claims.

It comes soon after the Investigatory Powers Act came into law. That legislation allowed the government to force internet companies to keep records on their customers’ browsing histories, as well as giving ministers the power to break apps like WhatsApp so that messages can be read.

The government now appears to be launching a similarly radical change in the way that social networks and internet companies work. While much of the internet is currently controlled by private businesses like Google and Facebook, Theresa May intends to allow government to decide what is and isn’t published, the manifesto suggests.

The manifesto even suggests that the government might stop search engines like Google from directing people to pornographic websites. “We will put a responsibility on industry not to direct users – even unintentionally – to hate speech, pornography, or other sources of harm,” the Conservatives write.

“Other sources of harm.” Can’t wait to see the ever-expanding government definition of that.

Perhaps most unusually, they would be forced to help controversial government schemes like its Prevent strategy, by promoting counter-extremist narratives.

The manifesto also proposes that internet companies will have to pay a levy, like the one currently paid by gambling firms. Just like with gambling, that money will be used to pay for advertising schemes to tell people about the dangers of the internet, in particular being used to “support awareness and preventative activity to counter internet harms”, according to the manifesto.

The Conservatives will also seek to regulate the kind of news that is posted online and how companies are paid for it. If elected, Theresa May will “take steps to protect the reliability and objectivity of information that is essential to our democracy” – and crack down on Facebook and Google to ensure that news companies get enough advertising money.

If internet companies refuse to comply with the rulings – a suggestion that some have already made about the powers in the Investigatory Powers Act – then there will be a strict and strong set of ways to punish them.

Given how willing tech companies have been to comply with government spying in the past, it’ll be interesting to see how they respond to this dangerous, authoritarian power grab.

If you enjoyed this post, and want to contribute to genuine, independent media, consider visiting our Support Page.

In Liberty,
Michael Krieger

Facing Vaccination Opposition? Then Just Spray!

TheBreakAway

Source: GizaDeathStar.com
Dr. Joseph P. Farrell Ph.D.
May 20, 2017

When Mr. B.H. shared the following article published in 2016, I had to say “you’re kidding” out loud to my otherwise empty office, for it seems the proverbial “they” have found yet another way around the growing movement to question just why we need all those vaccines: just spray it from airplanes (copy and paste into your browser: http://yournewswire.com/australia-to-forcibly-vaccinate-citizens-via-chemtrails/ ).

Now, I have to admit that while I have not blogged much on this website concerning the subject of chemtrails, and what their ultimate purpose may be, I can say in all honesty that (1) I do believe that the phenomenon is real, and (2) that it represents some sort of covert agenda, or perhaps several agendas, on the part of “them.” The following paragraphs from the article – which I am assuming to be true for the sake of…
