Two weeks after France, Japan and New Zealand issued security alerts about a surge in Emotet activity, new warnings have been published in Italy and the Netherlands, and also by Microsoft.
The new alerts come as Emotet activity keeps growing, overshadowing every other malware operation currently active.
Emotet is by far the largest malware botnet in operation. It was dormant for most of this year, from February to July, but that pause is now clearly over: Emotet's operators are fully back in control of their botnet and are using it to send ever larger volumes of spam.
These spam emails carry malicious Office files that infect the host with the Emotet malware. The gang then sells access to the infected hosts to other criminal groups, including ransomware operators.
In many cases, especially in large corporate networks, an Emotet infection can turn into a ransomware attack within a few hours.
This is why the cyber-security agencies and CERT teams in France, Japan, New Zealand, Italy and the Netherlands are so wary of Emotet spam campaigns and issue alerts urging organisations to strengthen their defences.
Emotet currently favours a technique known as "email thread hijacking" (or "hijacked threads").
The Emotet gang first steals existing email threads from an infected host and then replies to them, keeping the original subject line. The reply is sent with a spoofed sender identity and carries a malicious document, in the hope of tricking the other participants in the thread into opening the attachment and infecting their own systems.
Emotet has used this technique since October 2018 but has refined it considerably in recent months.
The technique is quite clever and effective, and is analysed in a report published today by Palo Alto Networks.
However, the alerts from Microsoft and the Italian authorities also warn of another recent change in Emotet spam campaigns, which now use password-protected ZIP files instead of Office documents.
The idea is that, because the archive is password-protected, email security gateways cannot open the file to scan its contents, so they see no trace of the malware it contains.
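The two lures described above, the spoofed reply into a stolen thread and the password-protected ZIP that the gateway cannot open, can both be recognised from headers alone. The script below is an added example, not code from the article, Microsoft or Palo Alto Networks: it parses a constructed sample email, checks every ZIP attachment for the "encrypted" general-purpose flag bit, and applies two assumed reply-spoofing heuristics (a display name that embeds an address at a different domain than the real sender, and a Reply-To that diverts replies away from the sender on a message that claims to be a reply). Function names such as `triage` and `make_zip` are hypothetical, and because Python's `zipfile` cannot write encrypted archives, the sample archive is written normally and the encrypted flag is then set in its headers by hand.

```python
"""Header-level triage for Emotet-style lures (added example; names and heuristics are assumptions)."""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

ZIP_ENCRYPTED_FLAG = 0x0001  # general-purpose flag bit 0: member is encrypted (password-protected)


def make_zip(member_name: str, payload: bytes, mark_encrypted: bool = True) -> bytes:
    """Build a ZIP in memory; optionally flag its member as encrypted.

    zipfile can read but not write encrypted archives, so the archive is written
    normally and bit 0 of the flag field is then set in the local file header
    (flags at offset 6) and the central directory entry (flags at offset 8).
    A scanner that only inspects headers cannot tell the difference.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(member_name, payload)
    data = bytearray(buf.getvalue())
    if mark_encrypted:
        for signature, flag_offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(signature)
            while pos != -1:
                data[pos + flag_offset] |= ZIP_ENCRYPTED_FLAG
                pos = data.find(signature, pos + len(signature))
    return bytes(data)


def build_sample_message() -> bytes:
    """Constructed lure (not a real sample): fake reply to a stolen thread with a protected ZIP."""
    msg = EmailMessage()
    # Display name impersonates a thread participant; the real sender is an attacker mailbox.
    msg["From"] = '"alice@example-corp.com" <billing@attacker.example>'
    msg["To"] = "bob@example-corp.com"
    msg["Subject"] = "RE: Q3 budget figures"
    msg["In-Reply-To"] = "<20200901.1234@example-corp.com>"
    # The password has to travel in the body, otherwise the victim could not open the archive.
    msg.set_content(
        "Hi Bob,\n\nUpdated figures attached, the archive password is 1234.\n\n"
        "> Bob wrote: can you send me the Q3 numbers?\n"
    )
    archive = make_zip("Q3_figures.doc", b"not really a document")
    msg.add_attachment(archive, maintype="application", subtype="zip", filename="Q3_figures.zip")
    return msg.as_bytes()


def encrypted_members(blob: bytes) -> list:
    """Names of archive members whose header carries the encrypted flag ([] if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            return [info.filename for info in zf.infolist() if info.flag_bits & ZIP_ENCRYPTED_FLAG]
    except zipfile.BadZipFile:
        return []


def spoofed_reply_indicators(msg: EmailMessage) -> list:
    """Assumed heuristics for a hijacked-thread reply; returns human-readable findings."""
    findings = []
    from_hdr = msg["From"]
    if from_hdr is None or not from_hdr.addresses:
        return ["missing or unparsable From header"]
    sender = from_hdr.addresses[0]
    # 1. Display name embeds an address whose domain differs from the real sender domain.
    shown = sender.display_name
    if "@" in shown:
        shown_domain = shown.rsplit("@", 1)[1].strip().lower()
        if shown_domain != sender.domain.lower():
            findings.append(f"display name claims {shown_domain} but sender domain is {sender.domain}")
    # 2. Message presents itself as a reply, yet answers would go to a different mailbox.
    subject = str(msg.get("Subject", "")).lower()
    looks_like_reply = msg["In-Reply-To"] is not None or subject.startswith(("re:", "fw:", "fwd:"))
    reply_to = msg["Reply-To"]
    if looks_like_reply and reply_to is not None and reply_to.addresses:
        if reply_to.addresses[0].addr_spec.lower() != sender.addr_spec.lower():
            findings.append("reply-to diverts answers away from the apparent sender")
    return findings


def triage(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and report protected archives and spoofing indicators."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    encrypted = {}
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True)
        if blob:
            names = encrypted_members(blob)
            if names:
                encrypted[part.get_filename() or "(unnamed)"] = names
    indicators = spoofed_reply_indicators(msg)
    return {
        "encrypted_attachments": encrypted,
        "spoof_indicators": indicators,
        "quarantine": bool(encrypted) or bool(indicators),
    }


if __name__ == "__main__":
    print(triage(build_sample_message()))
```

The archive check reads only the ZIP directory, so it is cheap enough to run on every attachment at the gateway; a hit does not prove malice (legitimate senders do use protected archives), which is why the sample policy pairs it with the reply-spoofing indicators before deciding to quarantine.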
Emotet joined the password-protected attachment bandwagon with a campaign starting Friday. The campaign slowed down over the weekend (typical of Emotet) but was back today in even larger volumes of emails in English, as well as in some European languages. pic.twitter.com/POppQ51uMX
— Microsoft Threat Intelligence (@MsftSecIntel) September 22, 2020
