Malware Spotlight: What are Emotets?

Introduction

When some people first hear the name Emotet, they may think they are hearing the name of the villain from the latest bad mummy movie. But Emotet may be considered even scarier than that ancient pariah of horror movies — especially once you find out just how much damage this emerging threat can cause.

This article will explore the type of malware known as Emotet. We’ll look at what it is, shed some light on how the threat works, cover its history and the impact it can have, and give some tips on how to limit the effect of an Emotet infection.

What is Emotet?

Emotet is a banking Trojan that was first discovered in 2014 and was originally focused on stealing financial information from users of compromised systems, including credit card information, banking information and more. It is not just another information-stealing Trojan, but a major threat that has already garnered some serious attention.

In July 2018, the U.S. Department of Homeland Security issued an alert about Emotet, describing it as an advanced, modular banking Trojan that acts as a dropper or downloader of other malware, including other banking Trojans. The alert warned that Emotet can evade signature-based detection and is built to spread itself, making it very difficult to combat. Homeland Security does not issue alerts for every piece of malware that rears its ugly head, which further distinguishes this relatively new threat. This alert can be read here.

How does Emotet work?

This modular banking Trojan spreads through malicious spam emails, or malspam, and can infect Windows systems via malicious scripts, malicious embedded links and macro-enabled documents. These malicious files are stored on a command-and-control (C2) server and are available whenever Emotet needs them.
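
As an added illustration (not part of the original article or of any Emotet sample), here is a small triage check a mail gateway or analyst could apply to an Office attachment of the kind described above: it flags macro-enabled file extensions and the presence of a `vbaProject.bin` part inside the OOXML zip container, including the case where a macro-bearing file has been given a harmless-looking `.docx` name. The sample documents are constructed in memory; legacy binary `.doc` files are OLE containers, need a different parser and are not covered here.

```python
import io
import os
import zipfile

# Extensions that tell Office the document may carry VBA macros.
MACRO_EXTENSIONS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}
# Zip part that holds VBA code inside an OOXML container.
VBA_PART = "vbaProject.bin"


def build_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-style zip for demonstration only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Constructed placeholder bytes, not a real VBA project.
            zf.writestr("word/" + VBA_PART, b"\xd0\xcf\x11\xe0constructed")
    return buf.getvalue()


def contains_vba_project(data: bytes) -> bool:
    """True if the zip container carries a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(VBA_PART) for name in zf.namelist())
    except zipfile.BadZipFile:
        # Not an OOXML container (could be OLE, PDF, plain text ...).
        return False


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment deserves a closer look."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    if ext in MACRO_EXTENSIONS:
        reasons.append("macro-enabled extension")
    has_vba = contains_vba_project(data)
    if has_vba:
        reasons.append("vbaProject.bin present")
    if has_vba and ext not in MACRO_EXTENSIONS:
        # Macro content under a non-macro extension is a mismatch worth noting.
        reasons.append("extension does not match macro content")
    return reasons


if __name__ == "__main__":
    for name, macro in [("invoice.docx", False), ("invoice.docm", True)]:
        print(name, triage_attachment(name, build_ooxml(macro)))
```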

Emotet uses familiar email (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/thzgUyeLIJs/