Unlike the WannaCry ransomware, the EternalRocks malicious code spreads using up to seven leaked NSA tools, whereas WannaCry exploits only two of them.
Specifically, WannaCry uses only two tools, EternalBlue and DoublePulsar, while EternalRocks uses seven: EternalBlue, EternalRomance, EternalChampion, EternalSynergy, SMBTouch, ArchTouch, and DoublePulsar.
SMBTouch and ArchTouch are SMB monitoring tools, designed to scan for open SMB ports on the public internet. EternalBlue, EternalChampion, EternalSynergy and EternalRomance are the exploits that hackers use to attack Windows computers. Only DoublePulsar is used to spread the malicious code from an infected computer to other vulnerable computers on the same network.
Miroslav Stampar, a security researcher at the Croatian Center for Emergency Response, discovered EternalRocks. According to Stampar, EternalRocks differs from WannaCry in that it appears to be designed to work covertly so that it is not detected on the affected system.
The infection method of this malicious code still relies on Windows vulnerabilities, the same approach WannaCry uses, but instead of encrypting files, EternalRocks allows hackers to remotely control the infected computer.
According to Trend Micro, this mechanism is much more dangerous than WannaCry because it allows hackers to use a network of infected computers for malicious purposes such as denial-of-service attacks, DDoS attacks, stealing files, or, even more dangerously, tracking and extorting users directly.
After infecting a computer, EternalRocks tries to avoid detection by covertly downloading the Tor browser, which it then uses to connect to the C&C server. The malicious code also lies dormant for 24 hours before connecting to the control server and downloading the tools that exploit SMB vulnerabilities. Next, EternalRocks scans the network, finds computers with the SMB holes, and spreads itself to them.
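The sequence above (Tor contact, a 24-hour pause, then SMB scanning) can be hunted for in network flow logs. The following is an added detection sketch, not code from the article or from any vendor. The flow records, the "tor" enrichment tag, the thresholds and the function name are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOOKBACK = timedelta(hours=48)       # must exceed the 24-hour dormancy described above
SCAN_WINDOW = timedelta(minutes=10)  # assumed window for counting SMB targets
FANOUT_THRESHOLD = 5                 # assumed: distinct SMB targets that count as a scan

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed flow records: (time, source, destination, dest port, enrichment tag).
# The "tor" tag is assumed to come from a separate enrichment step (e.g. a relay list).
FLOWS = [
    (ts("2017-05-20 09:00"), "10.0.0.15", "203.0.113.7", 443, "tor"),  # first stage
    (ts("2017-05-20 09:05"), "10.0.0.22", "10.0.0.5", 445, ""),        # normal file share use
    (ts("2017-05-21 09:30"), "10.0.0.15", "203.0.113.9", 443, "tor"),  # after the pause
] + [  # 10.0.0.15 fans out over TCP 445 shortly afterwards
    (ts("2017-05-21 09:40") + timedelta(seconds=20 * i), "10.0.0.15", f"10.0.0.{100 + i}", 445, "")
    for i in range(8)
] + [  # 10.0.0.30 also fans out but never touched Tor (e.g. an internal scanner)
    (ts("2017-05-21 11:00") + timedelta(seconds=20 * i), "10.0.0.30", f"10.0.0.{100 + i}", 445, "")
    for i in range(8)
]

def find_suspects(flows, lookback=LOOKBACK):
    """Return {source: gap between earliest Tor contact in lookback and SMB scan start}."""
    tor_seen = defaultdict(list)  # source -> times of Tor-tagged flows
    smb = defaultdict(list)       # source -> [(time, destination)] on TCP 445
    for when, src, dst, port, tag in sorted(flows):
        if tag == "tor":
            tor_seen[src].append(when)
        elif port == 445:
            smb[src].append((when, dst))
    suspects = {}
    for src, hits in smb.items():
        for i, (start, _) in enumerate(hits):
            targets = {d for t, d in hits[i:] if t - start <= SCAN_WINDOW}
            prior = [t for t in tor_seen[src] if timedelta(0) <= start - t <= lookback]
            if len(targets) >= FANOUT_THRESHOLD and prior:
                suspects[src] = start - min(prior)
                break
    return suspects

if __name__ == "__main__":
    for host, gap in find_suspects(FLOWS).items():
        print(f"{host}: SMB fan-out {gap} after first Tor contact")
```

With a lookback shorter than the dormancy period, the host is still flagged, but the reported gap reflects only the later Tor contact and hides when the first stage actually ran.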