Security researchers have identified a new strain of malware that targets the same vulnerability that helped ransomware spread to computers across the globe last week. And it includes far more threats than last week’s attacker, making it potentially tougher to fight.
Researchers have named it EternalRocks, and it shows that the threat posed by exploits recently stolen from the National Security Agency is far from over. EternalRocks was first detected on Wednesday by a Croatian security expert, according to Bleeping Computer.
Like the original ransomware, known as WannaCry, EternalRocks uses an NSA tool known as EternalBlue to spread itself from one computer to the next through Windows. But it also uses six other NSA tools, with names like EternalChampion, EternalRomance, and DoublePulsar (which is also part of WannaCry).
Get Data Sheet, Fortune’s technology newsletter.
That could eventually help it spread even farther and faster than WannaCry, which has now affected over 240,000 machines, primarily those running unpatched versions of Windows 7. WannaCry is ransomware, which encrypts files on infected machines and demands payment for unlocking them. But whoever was behind it made a variety of mistakes that have made it easier to slow and circumvent.
In its current form, EternalRocks doesn’t have any malicious elements—it doesn’t lock or corrupt files, or use compromised machines to build a botnet. But that’s not particularly reassuring, because EternalBlue leaves infected computers vulnerable to remote commands that could ‘weaponize’ the infection at any time.
And it doesn’t have WannaCry’s weaknesses, including the kill switch that a researcher used to help contain WannaCry. EternalBlue also uses a 24-hour activation delay to try to frustrate efforts to study it, and uses some of the same file names as WannaCry in an apparent effort to confuse security efforts.
The researcher who found EternalRocks doesn’t claim that it has spread very far yet, but it’s just one example of a wave of new malware based on the NSA-authored exploits. The consequences have already been serious, and they could get worse.
Matter of time when common malware through phishing bad guys will incorporate SMB exploits for synergistic attack. Then, we die
— Miroslav Stampar (@stamparm) May 20, 2017
