Wednesday, January 20, 08:11

Microsoft, Italy, the Netherlands warn of an increase in Emotet malware

Two weeks after France, Japan and New Zealand issued warnings about increased Emotet activity, new warnings were issued last week by Italy, the Netherlands and Microsoft. These new warnings come as Emotet activity continues to grow significantly, overshadowing that of any other malware currently in the threat landscape.

Joseph Roosen, a member of Cryptolaemus, a team of security researchers who monitor Emotet malware campaigns, told ZDNet yesterday that unusually heavy Emotet spam has been observed lately. Roosen noted that for the past two weeks he has been receiving about 400 Emotet emails per day, whereas he usually receives between twelve and 100.

Emotet malware

Emotet, which is by far the biggest malware botnet, was inactive from February to July 2020, when it made its return. Its operators sought a quick return to the threat landscape, but their plans were thwarted and Emotet's return was delayed by about a month, as a hacker invaded their infrastructure and replaced the malware with GIFs.

This, however, did not last long, as Emotet operators eventually found a way to stop the hacker and now have full control of their botnet, which they use to send more and more spam emails on a daily basis.
These spam emails carry malicious attachments, which infect the host with Emotet malware. Emotet operators then sell access to infected servers to other hacking gangs, including ransomware operators. Many times, and especially in large corporate environments, an Emotet infection can turn into a ransomware attack within hours.

This is why cybersecurity agencies and CERTs (Computer Emergency Response Teams) in France, Japan, New Zealand, Italy and the Netherlands, as well as Microsoft, are worried about Emotet spam campaigns and are issuing warnings to companies, urging them to strengthen their defenses against Emotet spam.

Emotet malware technique

It is worth noting that Emotet malware uses a wide variety of techniques in its spam operations. Roosen, who has been following the botnet for years, said that Emotet has been using a technique known as hijacked email threads ("email chains") since October 2018. The technique works as follows: the Emotet gang first steals an existing email thread from an infected host, then replies to that thread with its own message, using a forged sender identity and attaching a malicious document, in the hope that the participants in the thread will open the file and become infected. It is a simple but effective technique, which was analyzed in a report by Palo Alto Networks published yesterday.

Microsoft, Italy, Netherlands: Emotet malware warnings

However, the warnings from Microsoft and the Italian authorities point to another recent change in Emotet spam campaigns, which now also use password-protected ZIP archives instead of plain Office documents. The reason is that when the attachment is password-protected, email security gateways cannot open the archive to scan its contents and therefore cannot detect traces of Emotet malware inside.

Finally, Roosen pointed out that the Emotet gang has been using this technique sparingly since mid-2019, but has recently begun to use it more extensively in Emotet spam campaigns. This is exactly the reason why Microsoft and other players are now reacting to its sudden "outbreak".
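The gateway blind spot described above has a defender-side counterpart: a password-protected ZIP still announces itself in its own headers, because the encryption bit (bit 0 of each entry's general-purpose flag) and the entry names are stored in the clear. The following is an added example, not code from the article, from Cryptolaemus or from any vendor mentioned. It builds two small constructed archives with a hand-written ZIP writer (so it runs offline without a password-capable ZIP tool) and then triages them the way a mail gateway could: any encrypted entry makes the attachment unscannable, and an encrypted entry with a document or script extension is held. The extension list is an assumption for the example, not a policy from the article.

```python
import io
import struct
import zipfile
import zlib


def build_zip(entries):
    """Constructed ZIP writer for the example: a minimal "stored" (method 0) archive.

    entries is a list of (name, payload, encrypted) tuples. For an encrypted entry only
    bit 0 of the general-purpose flag is set and the payload is treated as opaque bytes,
    which is exactly what a gateway sees when it lacks the password.
    """
    local_parts, central_parts, offset = [], [], 0
    mod_date = ((2021 - 1980) << 9) | (1 << 5) | 20  # 2021-01-20 as a DOS date
    for name, payload, encrypted in entries:
        name_b = name.encode("utf-8")
        flags = 0x0001 if encrypted else 0x0000
        crc = zlib.crc32(payload) & 0xFFFFFFFF
        # local file header: sig, version needed, flags, method, time, date,
        # crc, compressed size, uncompressed size, name length, extra length
        local = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flags, 0, 0, mod_date,
                            crc, len(payload), len(payload), len(name_b), 0) + name_b + payload
        # central directory header mirrors the local one and records its offset
        central = struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, flags, 0, 0,
                              mod_date, crc, len(payload), len(payload), len(name_b),
                              0, 0, 0, 0, 0, offset) + name_b
        local_parts.append(local)
        central_parts.append(central)
        offset += len(local)
    central = b"".join(central_parts)
    # end of central directory: disk numbers, entry counts, directory size and offset
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, len(entries), len(entries),
                       len(central), offset, 0)
    return b"".join(local_parts) + central + eocd


def encrypted_entries(archive: bytes) -> list:
    """Names of entries whose general-purpose flag has bit 0 (encryption) set.

    Entry names are never encrypted in a standard ZIP, so they remain visible
    to a gateway that cannot read the content.
    """
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [info.filename for info in zf.infolist() if info.flag_bits & 0x0001]


# Assumed for the example: extensions worth holding when they sit inside an
# archive that cannot be scanned.
RISKY_EXTENSIONS = (".doc", ".docm", ".dot", ".xls", ".xlsm", ".exe", ".js", ".vbs")


def triage_attachment(archive: bytes) -> dict:
    """Gateway-style verdict: unscannable if any entry is encrypted, quarantine when
    an encrypted entry carries a document or script extension."""
    enc = encrypted_entries(archive)
    risky = [name for name in enc if name.lower().endswith(RISKY_EXTENSIONS)]
    return {"encrypted": enc, "unscannable": bool(enc), "quarantine": bool(risky)}


if __name__ == "__main__":
    # constructed samples: a plain text report and an encrypted document
    benign = build_zip([("report.txt", b"quarterly numbers", False)])
    suspicious = build_zip([("invoice.doc", b"\x00" * 12 + b"opaque ciphertext", True)])
    print(triage_attachment(benign))
    print(triage_attachment(suspicious))
```

The point of the check is that the gateway does not need the password to make a decision: an archive it cannot inspect is itself a signal, and the cleartext entry names tell it whether the unscannable content looks like a document or script. A mail filter that only acts on what it can scan will pass these attachments through, which is the behaviour the campaign relies on.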
