The digital world globally is still shaken with the malicious Wannacry ransomware virus attack and has barely been able to cope up with it, when a new malware strain has been identified by the security researchers. The new malware exploits the same vulnerability .i.e. unpatched software to spread across the systems. Similar to Wannacry in its approach, but this malware includes more threats which makes it a tougher enemy to counter.
First discovered by a Croatian Security experts, the malware named EternalRocks uses the EternalBlue NSA tool to propagate through the systems using Windows. But unlike Wannacry which uses only two NSA tools-EternalBlue and DoublePulsar, EternalRocks exploits seven Server Message Block (SMB) centric NSA tools. EternalRomance, EternalSynergy, EternalChampion and EternalBlue tools are used by the virus to aid it in compromising the system. While the other two tools called SMBTouch and Architouch are used by it for exploration purposes. Once the malware get access to the system it makes use of yet another NBA tool named DoublePulsar to propagate and hook on to the next vulnerable system.
Using these tools, EternalRocks is suspected to be even more harmful than its successor Wannacry ransomware. Wannacry virus used to affect the vulnerable systems, encrypt their data and ask for the ransom in return for decrypting. But it suffered from numerous flaws and loopholes which made it easier for the security experts to slow it down and bypass its attack. But EternalRocks which does not share the same malicious intent of locking the data. Rather, this virus renders the systems vulnerable to remote commands and can be used to channelize new malware attacks.
The virus, skillfully programmed does not suffer from the same handicaps such as the Wannacry which helped the researchers to limit it. But researchers are working on ways to limit this new threat by patching the vulnerable systems or disabling the old SMBv1 protocol.