EternalRocks dev shuts down operation
EternalRocks came to light in the wake of the global WannaCry attacks and garnered interest because it used 7 leaked NSA hacking tools to spread across Windows computersiStock

The cybercriminal who developed the EternalRocks SMB worm has reportedly called it quits just a week after reports of the malware first emerged. The hacker has now reportedly shut down his operation and in a message, claimed to have no malicious intentions in developing the worm.

According to a report by BleepingComputer, which first reported about EternalRocks last week after it was discovered by Croatian security researcher Miroslav Stampar, widespread media coverage about the malware led to the cybercriminal behind EternalRocks to abort his operation.

The malware came to light in the wake of the global WannaCry attacks and as such garnered interest given that it used seven leaked NSA hacking tools to spread across Windows computers. EternalRocks shared similarities with WannaCry in using SMB protocol. However, unlike WannaCry, EternalRocks didn't distribute ransomware on infected systems.

On 24 May, Stampar took to Twitter to report that the EternalRocks command and control server (C&C), which is a site hosted on the dark web, featured a new message that read, "Forum Inside! Registration is Open! Why so scary, I only firewall SMB port for you. It's not ransomware."

Any new accounts created on the forum were manually approved by the EternalRocks developer, who goes by the pseudonym "tmc." As of 24 May, the forum reportedly featured two new messages from tmc, in which he claimed not to have any malicious intentions in creating EternalRocks.

In the messages, tmc stressed that EternalRocks was "not ransomware" and that it wasn't dangerous. The hacker wrote that he just "wanted to play some games" and that it works as a firewall. He also said that the news about the worm was too much.

"All I did, was use the NSA tools for what they were built, I was figuring out how they work," tmc wrote.

"Well, it seems that I captured author's worm in testing phase. It had great potential, though," Stamper told Bleeping Computer. "[A]s reconstructed from previous versions, there were potentially enough info on him for somebody from law enforcement to connect two and two. Anyway, I suppose that he got scared because of all this fuzz and just dropped everything before being blamed for even something he didn't do."

EternalRocks is now delivering dummy executable. However, for those systems already infected with the malware, scanning of new victims will continue, unless the infection is removed.