The new Have I Be Emotet service lets you check if a domain or email address has been sent to your Emotet spam.
The Emotet is a malware infection, which is spread through spam emails that contain malicious Word or Excel documents. When the victim opens such a file and the macros in Word or Excel are activated, the Emotet trojan will be installed on his computer.
When infected, Emotet will steal the victim's email and relay it to attacker-controlled servers. These emails will then be used as future junk mail campaigns to make the malicious spam look legitimate.
Over time, the Emotet trojan will download and install other malicious programs, such as TrickBot and QakBot, onto the computer of an infected user. These trojans are known to lead to ransomware attacks by ransomware operators Ryuk, Conti and ProLock.
The Emonet trojan also steals e-bakning codes from the victim, which prompted the Cybercrime Prosecution will issue a warning to the Greeks users of the Internet.
Today, the Italian cyber security company TG Soft, launched a new service called Have I Been Emotet, which lets you check if a domain or email address has been used as a sender or recipient of Emotet spam campaigns.
TG Soft reports that the base δεδομένων τους αποτελείται από ελεγχόμενα εξερχόμενα email που δημιουργήθηκαν από την Emotet μεταξύ Αυγούστου και 23 Σεπτεμβρίου 2020. Κατά τη διάρκεια αυτής της περιόδου, έχουν συλλέξει πάνω από 2,1 millions email addresses from approximately 700.000 outgoing emails.
To use the service, you can simply enter a domain or email address and it will let you know how many times the email address or domain has been used as the sender or recipient of an email.
For example, using this service, we can see that domain Microsoft.com, was used in recent Emotet campaigns and that the company received Emotet spam forty-two times.
If you use this service and find that your email address or domain has been used as a recipient, this does not necessarily mean that you are infected. To be infected, a user would have to open the email attachments and activate the macros before installing the malware.
On the other hand, if your domain has users referred to as a "REAL" sender, then it is likely that one of your email domain users was infected and should be thoroughly scanned. research of your computers.