The FBI has published millions of email addresses collected by the Emotet botnet for malware distribution campaigns, as part of law enforcement's effort to "clean up" infected computers. Users and domain owners can now find out whether Emotet affected their accounts by searching the database of emails stolen by Emotet.
Earlier this year, law enforcement and judicial authorities around the world conducted a joint operation, named "Operation Ladybird", which took down the Emotet botnet. Researchers have now taken control of its infrastructure, following internationally coordinated action. On 25 April, law enforcement pushed an update that uninstalled the Emotet malware from all affected systems.
This operation was the result of a joint effort between the authorities from the Netherlands, Germany, the USA, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.
In addition to computer systems, Emotet also compromised a large number of email addresses and used them for its "business". The FBI now wants to give the owners of these email addresses a quick way to check whether they have been affected by Emotet.
To that end, the FBI and the National High Technical Crime Unit of the Netherlands (NHTCU) shared 4,324,770 email addresses stolen by Emotet with the data breach notification service Have I Been Pwned (HIBP).
Troy Hunt, creator of HIBP, said that 39% of these email addresses had already been indexed as part of other data breach cases. The email addresses belong to users from numerous countries. They came from links stored on the Emotet infrastructure for sending malicious emails, or were collected from users' web browsers.
Due to its sensitive nature, the Emotet data cannot be searched publicly. Service subscribers affected by the Emotet breach have already been notified, Troy Hunt said. In addition, referring to the verification process, Hunt pointed out that individuals should either verify control of the address via the notification service or perform a domain search to see if they are affected.
The Dutch National Police, which was part of the Emotet takedown operation, has a similar search service where users can check whether Emotet has compromised their email addresses.
Users can enter an email address and, if their account is part of the data collected by the Emotet botnet, the Dutch police will send them a message with instructions on what to do. On 3 February, Dutch police added 3.6 million email addresses to its checking service.
Another service, called Have I Been Emotet, was released by the cybersecurity company TG Soft on 1 October 2020. It checks whether Emotet used an email address as a sender or recipient. However, it was last updated on January 25, two days before the botnet was taken down.
Emotet is one of the most infamous botnets of this decade, having caused worldwide losses amounting to hundreds of millions of dollars while infecting more than 1.5 million computers in about nine months.
In addition, it played an important role in the distribution chain of many ransomware strains, as it often distributed the QakBot and Trickbot malware in a compromised network, which in turn distributed ProLock or Egregor, and Ryuk and Conti, respectively.
On January 27, all three Epochs - botnets with separate infrastructure - of Emotet came under the control of law enforcement agencies.