SOMEONE WHO MIGHT LIKE WUTHERING HEIGHTS has released some ransomware a couple of weeks after that thing called WannaCry made newspaper headlines and stuffed our email inboxes like turkeys in November.
This fresh strain of malware, called 'EternalRocks', which is a great name for a best of driving tunes compilation CD, owes much to WannaCry and the exploits that the NSA is accused of sitting on.
WannaCry brings us to tears already, so poring over this again is bad times. Fortunately we have not fallen victim, and nor has the NHS, so far, so not quite so bad.
Researchers have done what they do, though, and uncovered the new threat, put it on the end of a stick like it was a balloon and gone around frightening people with it.
Bleeping Computer, which is always on top of this sort of thing, says that EternalRocks uses seven of the leaked NSA tools, compared to WannaCry which just used two. We are considering renaming the latter as "WannaTryaBitHarder", but hopefully we won't have to write about it for too much longer.
The report says that the new threat popped into a honeypot operated by Miroslav Stampar, who works at the Croatian Government's CERT. It was he that named it EternalRocks because of its code, so it has nothing to do with a withering Heathcliff.
Matter of time when common malware through phishing bad guys will incorporate SMB exploits for synergistic attack. Then, we die— Miroslav Stampar (@stamparm) May 20, 2017
Stamper has spilled the guts of the threat on GitHub, adding that the original name for the SMB-targeting worm is "MicroBotMassiveNet" which is a lot less literal.
It has certainly impressed him. He started tweeting about the worm last week, explaining that it has no kill switch and channels a lot of its traffic through Tor. This makes it quite a venerable opponent. Except, it does not appear to have any kind of malicious content or intent. At least not yet. µ
A surprisingly busy week in a quiet month
Measures just 15.75mm at its thickest point
Firm expects GPU sales to start drying up