May 23, 2017 - 12:00 a.m.

The SMB vulnerability triggered "bloodshed" far beyond WannaCry







Since the Shadow Brokers published the 0-day vulnerabilities and hacking tools used by Equation Group, the NSA's elite hacking team, hacker groups and independent hackers have been exploiting these vulnerabilities and tools to launch various attacks. Industry insiders believe that the data the Shadow Brokers published in April, which includes high-risk Windows SMB vulnerabilities and a series of Windows hacking tools, is by far the most destructive of the leaked data.

After the WannaCry outbreak, security researchers found many hackers exploiting the Windows SMB vulnerability (CVE-2017-0143), i.e. EternalBlue, for a variety of hacking activities. In addition, the EternalBlue SMB vulnerability (MS17-010) has been ported to the Metasploit penetration testing framework, which lets researchers and hackers alike easily use this vulnerability for different purposes.

It is therefore not surprising that, beyond the massive global WannaCry attack, a large number of hacker groups, state-sponsored hackers, financially motivated cyber criminals and grey-hat hackers have used EternalBlue to launch a variety of larger or smaller attacks.

The following are attacks that security researchers recently discovered using the SMB vulnerability; some occurred before WannaCry, and some occurred after it.

1. The EternalRocks worm

On May 17, researchers found a new worm called EternalRocks that exploits the SMB vulnerability. Compared with WannaCry, which used two NSA vulnerabilities and tools, the EternalRocks worm goes even further. In total the worm uses four SMB vulnerabilities and three NSA hacking tools, including the following:

EternalBlue — SMBv1 vulnerability

EternalRomance — SMBv1 vulnerability

EternalChampion — SMBv2 vulnerability

EternalSynergy — SMBv3 vulnerability

SMBTouch — SMB investigative tool

ArchTouch — SMB reconnaissance tool

