Emotet is Back

Posted by Rob Schnetzer on Wed, Oct 02, 2019 @ 10:10 AM

Emotet, it would rather be phishing.


First discovered in 2014, Emotet was originally designed as modular malware that sneaks onto your computer and steals personal information. In this form it wasn’t very notable, until someone re-configured it to be a “loader”: a virus with worm-like abilities that drops payloads of other malware onto a victim’s computer. The Department of Homeland Security classified it as one of the most costly and destructive malware families affecting the government and private sectors, costing upwards of 1 million dollars per incident to clean up.

Then, in May, 4 months ago, it went silent for no apparent reason. Researchers breathed a collective sigh of relief after there appeared to be no known new cases of Emotet infecting computers and its botnet stopped sending phishing emails. That lasted until the middle of this September, when its botnet started cranking out phishing emails once again. In a relatively short period of time, as many as a dozen websites have already been compromised by Emotet’s spam campaign, which targeted 66,000 unique emails at more than 30,000 domain names, sent from 3,362 different senders whose credentials had been stolen.


Emotet uses a simple phishing email, usually sent from a stolen contact list belonging to a friend or family member. It begins its assault with something that would attract users, claiming (in their own language) that the attachment is a scanned copy of Edward Snowden’s new book, for instance. In other cases it reuses snippets of existing conversations to lull you into a false sense of security, making you think the message comes from an authentic source. Once you click on a link carrying the virus and it is installed on your network, it begins masking itself by changing its name, injecting code into critical files on your computer, downloading more malware, and then attempting to brute force its way across your network to infect other computers. On top of all this, its polymorphic abilities make it very difficult for anti-virus software to detect, and once it gains access to your sensitive data and contact lists it does it all over again to infect more computers.

How do you avoid Emotet:

  1. First off, common sense is your best bet: always be skeptical of any email, and follow our email phishing guide. This isn’t a silver bullet, but you’ll save yourself a lot of trouble if you follow our tips and train yourself and your employees.
  2. Secure all devices on your network, paying special attention to Internet of Things devices that may have lax security or no security at all.
  3. Anti-malware tools like Bitdefender, Avira, Malwarebytes and Avast for PC, and Intego, Kaspersky and Norton Security Deluxe for Mac, are a big first line of defense against any and all malware.
  4. Update your computers. Missing updates make your computers insecure and put your network at risk. Zero-day exploits are a common occurrence, and they are usually caught and fixed before they are publicly divulged. The more often you update your security programs and operating systems, the less likely you are to be attacked by malware or a virus.

Be aware that Emotet is an ever-evolving malware: you can expect it to adapt to new security measures and change tactics as it is tweaked by the bad actors responsible for unleashing it. Keep checking with your trusted tech news outlets for updates on it and other malware.
