
EternalRocks - 'Doomsday' worm uses seven NSA exploits (WannaCry used two)

patientx

Member
According to experts, at the moment it is "just" spreading but one cannot know when they'll activate it to do something bad.

The recently discovered EternalRocks joins a set of highly infectious bugs created from the NSA's leaked tools.

If the NSA's leaked hacking tools had a Voltron, it would be EternalRocks.

On Sunday, researchers confirmed new malware, named EternalRocks, that uses seven exploits first discovered by the National Security Agency and leaked in April by the Shadow Brokers group. Experts described the malware as a "doomsday" worm that could strike suddenly.

EternalRocks uses EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch -- all tools leaked by the Shadow Brokers. Stampar said he found the packed hack after it infected his honeypot, a trap set to monitor incoming malware.

Article at CNET here.
 

Spectone

Member
Doesn't matter if they have patches/updates if people still rock their Windows XP with SP1 on it...

WannaCry mainly hit Windows 7 targets not XP.

I see this new worm is also using SMB exploits so only those who have SMB exposed to the internet will be affected. If you have a firewall between you and the internet and you don't forward SMB across that link you should not be affected.
 

Damaniel

Banned
Two auto-play videos on the same page? Really, CNET?

CNET is a steaming pile and has been for years.

Also, death to autoplay videos. Who the hell thought that was even remotely a good idea?

And finally, back to the story at hand. Patch your PCs and servers, folks!
 

Kerensky

Banned
Now that they've found it, though, can't they address it, or is that being too simplistic?

EternalBlue was fixed by not forwarding port 445 and allowing infected machines to connect to your LAN in the first place.

Why does SMB run as a kernel module again?
 

Kthulhu

Member
Fuck the NSA. I don't know how anyone can defend them anymore. Hopefully MS can patch all of this before anyone gets hurt.
 

Mugsy

Member
EternalRocks uses EternalBlue, DoublePulsar, EternalChampion, EternalRomance, EternalSynergy, ArchiTouch and SMBTouch -- all tools leaked by the Shadow Brokers.

That has to be the most cyberpunk thing I have ever read.
 

jstripes

Banned
WannaCry mainly hit Windows 7 targets not XP.

I see this new worm is also using SMB exploits so only those who have SMB exposed to the internet will be affected. If you have a firewall between you and the internet and you don't forward SMB across that link you should not be affected.

All it takes is one bozo in your organization to open an infected PDF.

Disable SMB1, if you can. (I'm working on it.)
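
An added example, not part of any post in this thread: a read-only PowerShell audit of the two mitigations raised above, SMBv1 state and inbound allowance of TCP 445. It inspects only the local Windows Firewall, not router port forwarding, and the function names are hypothetical; it assumes an elevated session on Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit, changes nothing on the host.

function Get-Smb1Status {
    # Server-side SMB protocol switches.
    $server = Get-SmbServerConfiguration
    # The optional feature covers the SMBv1 client/server components;
    # it may not be queryable on every edition, so tolerate failure.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerSmb1Enabled = $server.EnableSMB1Protocol
        ServerSmb2Enabled = $server.EnableSMB2Protocol
        Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'Unknown' }
    }
}

function Get-InboundSmbAllowRule {
    # Enabled inbound allow rules whose port filter admits TCP 445.
    # Port ranges (e.g. '400-500') are not expanded here.
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule  = $_
            $ports = $rule | Get-NetFirewallPortFilter
            $addr  = $rule | Get-NetFirewallAddressFilter
            $protoMatch = $ports.Protocol -in @('TCP', 'Any')
            $portMatch  = ($ports.LocalPort -contains '445') -or
                          ($ports.LocalPort -contains 'Any')
            if ($protoMatch -and $portMatch) {
                [pscustomobject]@{
                    Rule          = $rule.DisplayName
                    Profile       = "$($rule.Profile)"
                    LocalPort     = $ports.LocalPort -join ','
                    RemoteAddress = $addr.RemoteAddress -join ','
                }
            }
        }
}

Get-Smb1Status | Format-List
Get-InboundSmbAllowRule | Format-Table -AutoSize

# Remediation is a separate, deliberate step once nothing depends on SMBv1:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false
```

Rules that list `Any` as the remote address on the Public profile are the ones to review first.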
 

chekhonte

Member
Does the NSA work with anti virus people and provide information about identifying and removing this kind of garbage?
 
Does the NSA work with anti virus people and provide information about identifying and removing this kind of garbage?

LOL no. The NSA does not want any of those exploits fixed, they want them all for themselves so they can do their shady business. As soon as they become public (and thus fixed), they are worth a lot less to them. Apparently the NSA had the EternalBlue exploit for three years before it was leaked.

I wonder if it's some grey hat's way of getting these exploits fixed?

That would be a weird way to get the exploits fixed but you never know.
 

Kaako

Felium Defensor
Does the NSA work with anti virus people and provide information about identifying and removing this kind of garbage?
Hahaha oh man. That would be a hell no unless shit has reaaally hit the fans and collaboration is the only option of containment. In that case, MAYBE.
 