Computer security experts have discovered EternalRocks, new malware that exploits seven tools stolen from the NSA but is "harmless" for the time being.
After WannaCry, it is the turn of EternalRocks, new malware created using seven tools stolen from the US National Security Agency (NSA). For comparison, WannaCry was built using only two tools stolen from the same agency.
The virus was detected after it infected the device of one of the members of the Croatian government, Miroslav Stampar. The malware exploits several NSA tools including ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY. To transmit the malware to other devices, EternalRocks uses DOUBLEPULSAR, again a National Security Agency tool. According to experts, the malware is much more powerful than WannaCry, but at the same time less dangerous, and with the right countermeasures it is possible to stop the "epidemic" before it does too much damage.
Powerful but less dangerous
EternalRocks is a very complex virus and difficult to contain, but it does not contain malicious content. It must be said, however, that in the wrong hands it could pose a major threat, not least because it infects the victim stealthily, in two stages. During the first, the virus takes possession of the device and installs itself automatically. In the second, the malware completes its action on the victim's device. Between the first and second stages there can be a wait that can exceed 24 hours, which is used to bypass all security checks of the antivirus products present on the device.
Hard to detect
To fool experts, EternalRocks uses files with names identical to those of WannaCry. But unlike WannaCry, EternalRocks does not include the kill switch that security researchers used to stop the WannaCry outbreak. Precisely because of this absence, and because its seven different NSA tools mean the malware lends itself to multiple uses, researchers see it as potentially one of the most dangerous viruses seen recently. According to the researchers, the malware contains no malicious code because for now it is probably only a prototype, an experiment by some hacker. This hypothesis paints an even more distressing picture: at any moment someone could turn EternalRocks, or an even more elaborate version of it, into a global cyber attack. Caution is warranted, because PCs that are already infected are a different matter: at the moment it is impossible to find any effects, but if the virus were "armed" in the future, many users would become unsuspecting victims.