Avast_Threat_Research: Yes, Emotet remains an active malware threat

Emotet has cropped up again, and this time, there's more to the story

One of the longest-running and most damaging malware strains has once again returned to the scene. Called Emotet, it started life as a simple banking Trojan when it was created back in 2014 by a hacking group that goes by various names, including TA542, Mealybug and MUMMY SPIDER.

Its history has been tracked by researchers, such as this timeline from Proofpoint.

As you can see, it has been through numerous enhancements and improvements. By 2017, its creators had expanded its attacks to deliver various banking trojans (including Qakbot and TrickBot) and to steal browser-stored passwords. Compromised PCs would be recruited into a botnet that was then used to launch additional phishing attacks. A report from Bromium issued in June 2019 tracked its evolution up to that point. The report documents how Emotet's owners or operators have shifted their strategy from stealing bulk data to selling their malware as a service for others to ply their trade.

What made Emotet interesting was its well-crafted obfuscation. It was one of the early malware samples to deploy polymorphic code to vary its size and attachments, meaning that it would change its form and procedures to try to evade detection. It also used multi-stage installation procedures and encrypted communication channels. Over the years, it has used some very clever lures, such as spam emails containing either a URL or an attachment that purport to deliver a document in reply to an existing email thread. IBM's X-Force found one variation that uses COVID-19 as part of its phishing lure.

Over time, Emotet has expanded to encompass three different botnet infrastructures, again to make it harder to repel. And to make their phishing lures more believable, the operators would translate message subjects, filenames and contents to match the destination countries of their targets, producing not only English but German, Chinese and Spanish versions. Earlier this year, researchers discovered a new module that lets the malware find nearby WiFi networks that are open or protected by easily guessed passwords and use them to reach further machines to infect.

We covered Emotet most recently back in late 2018. Now, it seems to be back in use. Earlier this year, it had a five-day run that delivered nearly two million phishing emails. And in July, another variation was observed sending out at least 250,000 phishing lures, mostly aimed at US and UK users. Malwarebytes has samples of the emails used and more specifics of its operation. It appears to be using a new Word template for its infected attachment, but not much else. 
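The article describes the lure in two parts: a message that claims to be a reply to an existing thread, and a Word document or URL carried inside it. The triage heuristic below is an added example written for this post, not code from Avast or from any of the cited researchers. It assumes mail arrives as RFC 822 text and that a message whose subject claims to be a reply but which carries no In-Reply-To or References header, while shipping an Office attachment or a URL, deserves a closer look; the reply prefixes, the extension watch-list and both sample messages are constructed for the example.

```python
"""Triage heuristic for reply-chain phishing lures of the kind described above.

Assumptions (not from the article): messages arrive as RFC 822 text, and a
"reply" with no In-Reply-To/References header that ships an Office attachment
or a URL is worth a second look. This is a triage aid, not a detector.
"""
import email
import re
from email import policy
from email.message import EmailMessage

OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".dot", ".dotm")   # assumed watch-list
REPLY_PREFIX = re.compile(r"^\s*(re|aw|fwd?|wg)\s*:", re.IGNORECASE)  # assumed prefixes
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def lure_indicators(raw: str) -> list[str]:
    """Return the indicator names found in one raw RFC 822 message."""
    msg: EmailMessage = email.message_from_string(raw, policy=policy.default)
    indicators = []

    # A genuine reply normally carries thread headers; a forged one often does not.
    subject = msg.get("Subject", "")
    claims_reply = bool(REPLY_PREFIX.match(subject))
    has_thread_headers = bool(msg.get("In-Reply-To") or msg.get("References"))
    if claims_reply and not has_thread_headers:
        indicators.append("reply_subject_without_thread_headers")

    # Office documents are the attachment type the article reports for this wave.
    office_attachments = [
        part.get_filename() or ""
        for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(OFFICE_EXTENSIONS)
    ]
    if office_attachments:
        indicators.append("office_attachment")

    # The alternative lure form is a link in the body instead of an attachment.
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part is not None else ""
    if URL_RE.search(body):
        indicators.append("url_in_body")
    return indicators


def classify(raw: str) -> str:
    """'suspicious' when a fake-reply subject coincides with an attachment or URL."""
    found = lure_indicators(raw)
    if "reply_subject_without_thread_headers" in found and (
        "office_attachment" in found or "url_in_body" in found
    ):
        return "suspicious"
    return "benign"


# Constructed sample messages for the example; not real Emotet artefacts.
FAKE_REPLY_WITH_DOC = (
    "From: accounts@example.invalid\r\n"
    "To: user@example.invalid\r\n"
    "Subject: RE: invoice for last month\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Please see attached.\r\n"
    "--b1\r\n"
    "Content-Type: application/msword\r\n"
    'Content-Disposition: attachment; filename="invoice.doc"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    "AAAA\r\n"
    "--b1--\r\n"
)

GENUINE_REPLY = (
    "From: colleague@example.invalid\r\n"
    "To: user@example.invalid\r\n"
    "Subject: Re: lunch on Friday\r\n"
    "In-Reply-To: <orig-1@example.invalid>\r\n"
    "References: <orig-1@example.invalid>\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Works for me, see you there.\r\n"
)

if __name__ == "__main__":
    for label, raw in (("fake reply", FAKE_REPLY_WITH_DOC), ("genuine reply", GENUINE_REPLY)):
        print(f"{label}: {classify(raw)} {lure_indicators(raw)}")
```

The two samples illustrate the split the article draws: the forged reply carries the Word attachment and no thread headers and is flagged, while the real reply keeps its In-Reply-To and References headers and passes. In practice the heuristic belongs in a mail-gateway or SOAR playbook as one signal among several, since legitimate mail clients occasionally drop thread headers too.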
