Thursday, January 21, 13:41

Emotet: New campaigns pose as Windows Update emails

In today's cyber security landscape, the Emotet botnet is one of the largest sources of malspam, a term for emails that carry malicious attachments.

These malspam campaigns are absolutely vital for Emotet operators.

They are the foundation that keeps the botnet going, feeding new victims into the Emotet machine, a Malware-as-a-Service (MaaS) operation rented out to other criminal groups.


To prevent their emails from being picked up and marked as "malicious" or "unwanted", the Emotet team regularly changes how these messages are delivered and how their attachments look.

Emotet operators change the subject lines, the body text, the type of attachment, and also the contents of the attachment itself, which is just as important as the rest of the email.

This is because users who receive Emotet malspam, besides reading the email and opening the file, must also allow the file to run automated scripts called "macros". Office macros run after the user clicks the "Enable Editing" button that appears inside the Office file.

Tricking users into enabling editing is just as important to the malware operators as designing their email templates, the malware itself, or the botnet's backend infrastructure.

Over the years, Emotet has built up a collection of Office documents that use a wide variety of "lures" to persuade users to click the "Enable Editing" button.

But this week, Emotet is back with a new document lure.

Attachments sent in recent Emotet campaigns show a message claiming to come from Windows Update, telling users that Office needs to be updated. Of course, this is supposedly done by clicking the Enable Editing button.

According to an update from the Cryptolaemus team, these Emotet lures have been "spammed" to users around the world.

According to the same report, on some infected hosts Emotet went on to install the TrickBot trojan, confirming a ZDNet report released earlier this week that the TrickBot botnet survived a recent takedown attempt by Microsoft and its partners.

These booby-trapped documents are emailed with spoofed sender identities, so they appear to come from known contacts and business partners.

In addition, Emotet often uses a technique called "conversation hijacking": it steals email threads from infected hosts, inserts itself into the thread with a reply impersonating one of the participants, and adds the Office attachment to that reply.

This technique is difficult to detect, especially for users who handle professional email all day, which is why Emotet so often manages to infect corporate and government networks.
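The two detection points this article raises, macro-bearing Office attachments and replies injected into existing threads, can be checked automatically at the mail gateway or in a triage script. The Python below is an added example written for this page; it is not code from the article, from Cryptolaemus or from ZDNet. It builds constructed sample emails and attachments in memory (all names, addresses and message contents are invented), flags Office attachments that contain a VBA project, and treats such an attachment as more suspicious when it arrives in a reply to an existing thread. It only understands zip-based OOXML files (.docm, .xlsm and similar); legacy OLE .doc/.xls files would need a dedicated parser such as oletools.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


def build_office_zip(with_macros: bool) -> bytes:
    """Constructed stand-in for an OOXML document (a real file has many more parts)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Macro-enabled OOXML files store the VBA project in this part.
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are a zip container holding a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        # Not an OOXML container (plain text, OLE file, PDF, ...): nothing to say here.
        return False


def build_sample_email(reply: bool, attachment: bytes, filename: str) -> bytes:
    """Constructed sample message; a reply carries In-Reply-To like a hijacked thread would."""
    msg = EmailMessage()
    msg["From"] = "partner@example.com"      # invented sender
    msg["To"] = "victim@example.org"         # invented recipient
    msg["Subject"] = ("Re: " if reply else "") + "Invoice"
    if reply:
        msg["In-Reply-To"] = "<original-thread@example.org>"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Classify one raw RFC 5322 message: is it a thread reply, and does it carry macros?"""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    is_reply = msg.get("In-Reply-To") is not None or msg.get("References") is not None
    macro_attachments = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if has_vba_project(payload):
            macro_attachments.append(part.get_filename() or "<unnamed>")
    return {
        "is_reply": is_reply,
        "macro_attachments": macro_attachments,
        # A macro document riding on an existing conversation matches the hijacking pattern.
        "suspicious": is_reply and bool(macro_attachments),
    }


if __name__ == "__main__":
    samples = [
        ("reply with macro document", build_sample_email(True, build_office_zip(True), "update.docm")),
        ("fresh mail, no macros", build_sample_email(False, build_office_zip(False), "report.docx")),
    ]
    for label, raw in samples:
        print(label, "->", triage(raw))
```

In a real deployment the "suspicious" verdict would feed a quarantine or a sandbox detonation rather than being the final word, and the VBA project itself would be handed to a proper parser; the point of the check is that the combination of a thread reply and a macro-enabled attachment is rare in legitimate traffic and cheap to spot.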

