CVE漏洞中文网


Backdoors and trojan horses EternalRocks Malware Detected

May 24, 2017

Vulnerability category: Backdoors and trojan horses

Severity level:

Vulnerability information

EternalRocks is a worm that is reportedly spreading by exploiting a flaw in the SMB protocol. Its spreading mechanism is built on the ETERNALBLUE, ETERNALCHAMPION, ETERNALROMANCE and ETERNALSYNERGY exploits that were released by the Shadow Brokers.

Microsoft addressed these vulnerabilities in MS17-010 and KB4012598.

QID Detection Logic (Authentication):
This authenticated detection works by checking for the presence of a few files that are located in the c:\Program Files\Microsoft Updates\ directory on an infected system.

Impact

Successful infection renders an affected system controllable via C&C server commands, which could be leveraged to propagate new malware or any other functionality via EternalRocks. DOUBLEPULSAR, ARCHITOUCH and SMBTOUCH.

Solution

Cleaning up Infected systems:
- Customers are advised to contact their Anti-Malware vendor to remove the infection.

Workaround:
- Customers are advised to apply MS17-010 and KB4012598 Microsoft patches for affected systems.
- Customers are also advised to disable SMBv1.
- Customers may block TCP Port 445 at the perimeter.
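
A host-side audit for the checks described above (the indicator directory from the detection logic, plus the patch and SMBv1 workarounds), as an added example that is not part of the original advisory or of the QID's own logic. The function name `Get-EternalRocksAudit` and its parameters are hypothetical; the advisory does not name the indicator files, so the script lists the directory contents for analyst review.

```powershell
# Added example: host audit for the checks this advisory describes.
function Get-EternalRocksAudit {
    [CmdletBinding()]
    param(
        # Directory named in the advisory's detection logic.
        [string]$IndicatorDir = 'C:\Program Files\Microsoft Updates',
        # KB named in the advisory. Other KBs for your OS build are an
        # assumption you supply from your own patch inventory.
        [string[]]$PatchIds = @('KB4012598')
    )

    # 1. Indicator directory. File names are not given in the advisory,
    #    so report everything found there instead of guessing.
    $dirPresent = Test-Path -LiteralPath $IndicatorDir
    $files = @()
    if ($dirPresent) {
        $files = @(Get-ChildItem -LiteralPath $IndicatorDir -Force -File -Recurse -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc)
    }

    # 2. SMBv1 server state (cmdlet exists on Windows 8 / Server 2012 and later).
    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    # 3. Which of the listed patches are installed.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $PatchIds -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    # 4. Whether the host is listening on TCP 445 at all.
    $listening = $false
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        $listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    }

    [pscustomobject]@{
        IndicatorDirPresent = $dirPresent
        IndicatorFiles      = $files
        Smb1ServerEnabled   = $smb1      # $null means it could not be determined
        PatchesFound        = $installed
        PatchesMissing      = @($PatchIds | Where-Object { $installed -notcontains $_ })
        ListeningOnTcp445   = $listening
    }
}

Get-EternalRocksAudit | Format-List
```

A KB reported as missing is not proof of exposure, since later cumulative updates can supersede it; confirm against the patch inventory for the OS build.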

Last updated: May 24, 2017
