Internet security firm Bkav has warned of a new strain of malware dubbed EternalRocks that is said to be more dangerous than the ransomware WannaCry, according to its statement on the security forum WhiteHat.


Image result for WannaCry



The new worm, similar to WannaCry, attacks the Server Message Block (SMB) vulnerability on Windows-based computers.

In particular, during the first stage, EternalRocks downloads the Tor web browser in the affected computers and then uses the application to connect to the command-and-control server located on the Tor network.

After 24 hours, the second stage starts, but the malware delays action in an attempt to remain undetectable. EternalRocks downloads all the SMB exploits to the infected computer, and scans the Internet for opening SMB ports to spread itself to other vulnerable systems as well.

According to Bkav, the new worm is far more dangerous than WannaCry. Instead of blackmailing users of infected computers, it gains unauthorized control on these computers to launch cyberattacks in the future.

The malicious worm will likely spread more widely than its predecessor through intranets, especially among unpatched Windows computers.

Ngo Tuan Anh, vice president of Cybersecurity at Bkav, said SMB vulnerabilities continue to be exploited by hackers to spread malicious codes and install spyware in order to perform intentional attacks.

Security experts said that the distribution of ransomware worms and others like EternalRocks is aimed at destroying defense and security systems of individuals and enterprises.

SGT