Destructive botnet on spam spree – Emotet is back


More than half of our inboxes are bombarded with spam messages on a daily basis. We may block one sender after another, and a new message still pops up. The intent behind these spam messages can be to steal your data, extort money, plant viruses, and so on. No matter how strong the cybersecurity is, there is always a loophole an attacker can slip through. Nowadays, instead of individual hackers, we face botnets that are programmed to carry out all of these kinds of malicious activities.

Emotet, the world’s most costly and destructive botnet, has returned after a five-month break, blasting users’ inboxes with 250,000 messages every day. It mainly targets users in the United States and the United Kingdom, Sherrod DeGrippo, senior director of threat and detection at security firm Proofpoint, told Ars. The botnet also targets the Middle East, South America, and Africa. The spam emails ask you to open a document or a link; if you do, they install the Emotet backdoor, which is then used to deliver ransomware, backdoor Trojans, and other nasty malware onto your devices. Emotet first indicated its presence on Friday by sending out small messages.

So, what do we know about Emotet? Emotet has been one of the most resourceful threats ever encountered. It sends mail from an address the user has previously corresponded with, tricking them into opening the document or link. The botnet reuses words and phrases that the user and the correspondent had used in their earlier emails; Emotet harvests this information from already infected computers. Because the message looks like part of an existing conversation, the user falls for the trick and ends up opening the document. Another of its tricks is stealing the usernames and passwords of outgoing email servers. The botnet then sends its mail through those accounts to trap other users, rather than relying on its own infrastructure. Such messages keep users engaged, and they are harder for security products to detect and block.

The botnet last showed itself during a five-day spam spree in February, delivering up to 1.8 million messages. Emotet is known for short, large blasts followed by silence for weeks or months. Keeping to that pattern, Emotet surfaced on Tuesday and disappeared on Saturday, having completed the task it had set out to do.

“The key for most threat actors is to minimize the time between when [malicious mail] hits the inbox and when it gets opened by the target,” DeGrippo explained. “The longer that time elapses, the bigger the risk to the threat actor that their payload won’t get delivered because of mitigating controls.”