Module 1 D1.2

Researchers have identified a new pulsing of the Emotet dropper malware that is sending 100,000 malicious emails per day, delivering other malware such as TrickBot and ransomware. Emotet is a prolific spam botnet and downloader that spreads via phishing emails and has worm-like abilities to infect other machines on a network. The new Emotet documents include subtle changes intended to avoid detection, such as displaying an error message after macros are enabled.


The issue

Researchers have identified a new pulsing of the Emotet dropper malware. After two months
of relative inactivity, Emotet began spewing 100,000 malicious emails per day, delivering the
TrickBot banking and information-stealing trojans as well as Ryuk and REvil ransomware.

The Emotet botnet is one of the most prolific senders of malicious emails when it is active, but
it regularly goes dormant for weeks or months at a time (Seals, 2020). Emotet is a downloader
that retrieves and executes various modules from hard-coded command and control servers.
Emotet is a trojan that primarily collects usernames and passwords for accounts at financial
institutions. It has historically been associated with banking-related fraud and is still
capable of loading a banking module. However, it has been noted that since 2017 Emotet has been
limited to spam and secondary payload distribution.

Emotet has worm-like capabilities that allow it to migrate to other machines on a network, but it
most notably spreads via phishing emails (Palmer, 2021). Malwarebytes researchers
noted that the threat actors are alternating between different phishing lures in order to socially
engineer users into enabling macros, including COVID-19 themes (Seals, 2020).

The new Emotet maldoc includes a noticeable change, likely meant to keep victims from
noticing they have just been infected. The document still contains malicious macro code to install
Emotet, and still claims to be a “protected” document that requires users to enable macros in
order to open it. The old version would not give any visible response after the macros were
enabled, which could make the victim suspicious. The new version creates a dialog box with the
text “Word experienced an error trying to open the file.” This gives the user an explanation as
to why they do not see the expected content and makes it more likely that they will ignore the
entire incident while Emotet runs in the background.
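The decoy-error behaviour described above is something a document triage pipeline can look for directly. The following is an added example, not code from the original write-up or from any of the cited sources: a small heuristic scorer over already-extracted VBA source (it assumes the macro text has been pulled out of the document beforehand, for example with a tool such as olevba), with two constructed macro samples embedded inline. The "malicious" sample only contains a placeholder command, not real Emotet code.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample modelled on the behaviour the page describes: an auto-run
# macro shows a fake Word error dialog and then hands off to an execution
# primitive. The command is a placeholder, not real Emotet code.
SAMPLE_VBA = '''
Sub AutoOpen()
    MsgBox "Word experienced an error trying to open the file.", vbCritical
    Set sh = CreateObject("WScript.Shell")
    sh.Run "PLACEHOLDER_COMMAND", 0
End Sub
'''

# Constructed benign sample: auto-run macro that only formats the document.
BENIGN_VBA = '''
Sub Document_Open()
    ActiveDocument.Paragraphs(1).Range.Font.Bold = True
End Sub
'''

# Auto-executing entry points that fire as soon as macros are enabled.
AUTO_EXEC = re.compile(r"\b(AutoOpen|Document_Open|Auto_Open|Workbook_Open)\b", re.I)
# A message box whose text pretends the document failed to open (the decoy).
DECOY_ERROR = re.compile(r'MsgBox\s+"[^"]*(error|corrupt|could not|cannot)[^"]*"', re.I)
# Primitives that let a macro start another process.
EXEC_PRIMITIVE = re.compile(r"\b(Shell|WScript\.Shell|CreateObject|ShellExecute)\b", re.I)


@dataclass
class Verdict:
    score: int
    reasons: List[str] = field(default_factory=list)


def triage_vba(src: str) -> Verdict:
    """Score extracted VBA source; higher means more worth an analyst's time."""
    v = Verdict(0)
    if AUTO_EXEC.search(src):
        v.score += 1
        v.reasons.append("auto-executing macro entry point")
    if DECOY_ERROR.search(src):
        v.score += 2
        v.reasons.append("decoy error dialog shown to the user")
    if EXEC_PRIMITIVE.search(src):
        v.score += 2
        v.reasons.append("process-execution primitive")
    return v


def is_suspicious(src: str) -> bool:
    """Decoy dialog plus execution primitive, or all three signals, crosses the bar."""
    return triage_vba(src).score >= 4
```

A benign auto-run macro that only formats text scores 1 and is left alone; the decoy-error sample scores 5 and is flagged for review.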

References

Palmer, D. (2021, January 8). Cybersecurity: This “costly and destructive” malware is the biggest threat to your network. ZDNet. https://www.zdnet.com/article/cybersecurity-this-costly-and-destructive-malware-is-the-most-prolific-threat-to-your-network/

Seals, T. (2020, December 23). Emotet Returns to Hit 100K Mailboxes Per Day. Threatpost. https://threatpost.com/emotet-returns-100k-mailboxes/162584/
