Skip to content
  • .about
  • .home
  • .business & economy
  • .ledger of lies
  • .tech

Corruption Ledger

The Public Ledger of Corruption

  • .corruption
    • banks
    • censorship
    • corporate
    • environment
    • government
    • health
    • journalism
    • misinformation
  • .crime
    • child victims
    • tech crime
    • dimwit crimes
    • financial crime
    • killings
    • shootings
  • .international conflict
    • Israel-Palestine
    • Nordstream
    • Russia vs. West
    • war news
    • war machines
  • .privacy & surveillance
  • .leaks
    • all leaks
    • Wikileaks
  • .regions
    • All Regions
    • Africas
    • North Americas
      • All
      • Canada
      • U.S.
    • Asias
    • Europe
    • Middle East
    • Oceania
  • .sanctions feeds
    • Canadian Sanctions Feed
    • EU Sanctions Feed
    • US Sanctions Feed
  • Toggle search form
  • What’s the basis of the Republicans’ Joe Biden impeachment inquiry? All News
  • Biden impeachment inquiry opens with focus on son’s business dealings All News
  • Polish minister launches bill to extradite Ukrainian Nazi WW2 veteran Hunka from Canada All News
  • Poland: Ukraine is drowning and therefore dangerous All News
  • This China trade war isn’t about semiconductors: Straits Times Business & Economy
  • Airbus Hacker Threatens to Sell US, Europe Military Intel on Dark Web All News
  • Intel-linked UK official pushing censorship of Russell Brand -The Grayzone _enforcement
  • Australia Signs $210 Million Underwater Tracking Contract All News

The Emotet botnet returns and is sending a slew of malicious emails

Posted on March 14, 2023August 12, 2023 By CorruptionLedger

The notorious Emotet botnet, considered one of the biggest threats to internet security, has resurfaced after a prolonged hiatus, armed with new tactics. The botnet’s trademark strategy of sending spam messages that appear to be from a known contact, addressing recipients by name and purporting to respond to existing email threads, was observed again last week after a four-month break.

Previous resumptions of activity have seen Emotet deploy fresh techniques to avoid endpoint security products and deceive users into clicking on links or enabling dangerous macros in Microsoft Office attachments.

Last Tuesday, a malicious email was sent containing a Word document that had a massive amount of extraneous data added to the end, making it over 500MB in size, which could thwart some security products from scanning the contents. This is known as binary padding or file pumping, whereby zeros are added to the end of the document. If the user is tricked into enabling the macro, the Windows DLL file that is delivered is also pumped, causing it to expand from 616kB to 548.1MB, according to security firm Trend Micro.

Another new evasion technique was observed in the same document, which contained excerpts from Herman Melville’s classic novel Moby Dick, appearing in white font on a white page so that the text is not readable. Some security products flag Microsoft Office files containing only a macro and an image, which the hidden text aims to circumvent without raising the target’s suspicion.

Emotet Botnet utilizing text from Moby Dick to deceive targets (credits: Trend Micro)

When the document is opened, the user is presented with a graphic that says the content can’t be accessed unless the user clicks the “enable content” button.

Microsoft had previously disabled macros downloaded from the internet by default, but users could still choose to enable them. The malware attack relies on this vulnerability, which requires users to enable macros in order to download a .zip file from a hacked legitimate website.

Enable macro tactice employed by the Emotet (Credits: Trend Micro)

Office will then unzip the archived file and execute the inflated Emotet DLL infecting the device with devastating consequences. The malware is designed to steal sensitive data such as passwords and other confidential information. It also uses the victim’s machine to send spam emails to other users, further spreading the infection.

When a device is infected with malware, it poses a great threat to its user’s sensitive data. This malicious software is designed to steal passwords, confidential information, and it can use the device to send spam emails to the user’s contacts. Furthermore, the malware is capable of downloading other harmful software such as the notorious Ryuk ransomware or the TrickBot malware. This is an example of the infection chain:

Emotet infection chain (credits: Trend Micro)

The latest revival of Emotet has once again showcased the botnet’s signature behavior of paying close attention to detail. This malicious software has spent years meticulously copying email conversations from infected machines and embedding them into spam messages sent to other parties in the same thread. By doing so, Emotet’s spam messages have a higher chance of going undetected, as they appear to come from someone the target has previously communicated with. Additionally, Emotet has the ability to infiltrate Wi-Fi networks and infect connected devices.

With the resurgence of Emotet, it is imperative to remain alert against the threat of malicious emails that can potentially compromise system security, even if they appear legitimate, and incorporate personalized elements.

Macros embedded within email attachments should be treated with caution, as they can execute malicious code on the user’s system. Before enabling macro functionality, it is recommended to confirm the identity of the sender through non-email means, such as phone or instant messaging.

Related

https://zerosecurity.org/2023/03/the-emotet-botnet-returns-and-is-sending-a-slew-of-malicious-emails/

Crime, Cyber-Crime, Tech, z-Exclude

Post navigation

Previous Post: US drones have no business near Russia – ambassador
Next Post: OneTrust board changes ready it for ‘last phase as a private company’

Wall of Shame

  • Censorship & Access to Information
  • Environmental Collapse
  • Journalism
  • In Court
  • Enforcement
  • Free Speech: What’s it good for?

Recent

  • What’s the basis of the Republicans’ Joe Biden impeachment inquiry?
  • Biden impeachment inquiry opens with focus on son’s business dealings
  • Polish minister launches bill to extradite Ukrainian Nazi WW2 veteran Hunka from Canada
  • Poland: Ukraine is drowning and therefore dangerous
  • This China trade war isn’t about semiconductors: Straits Times
  • Airbus Hacker Threatens to Sell US, Europe Military Intel on Dark Web
  • Intel-linked UK official pushing censorship of Russell Brand -The Grayzone
  • Australia Signs $210 Million Underwater Tracking Contract
  • TransUnion denies it was hacked, links leaked data to 3rd party
  • 400,000 calls made to Japanese Embassy in China over radioactive water
About CL
Shootings | Air Force and Aerospace
Rumble Video from CL
  • Hong Kong police issue arrest warrants for 8 political activists living in exile All News
  • Politician accuses FDIC of coercing banks into denying services to lawful crypto companies banks
  • US / 39 entities sanctioned – ‘shadow banking’ for Iran _enforcement
  • American Politician ties with Bin Salman Saudi Family Corruption
  • Canada faces questions over alleged Chinese interference All News
  • Trump classified documents trial in Florida to begin in May 2024 corporate corruption

Copyright © 2022 Corruption Ledger. This web site contains no ads.