What’s happened?

Law enforcement agencies across the globe say that they have dealt a blow against Emotet, described by Interpol as “the world’s most dangerous malware”, by taking control of its infrastructure.


Police have dubbed their action against Emotet “Operation LadyBird.”

What is Emotet?

Emotet is an extremely advanced and pernicious family of rapidly-spreading malware, with the capability of dropping other malware onto users’ computers.

Emotet first caused problems in 2014 as a banking Trojan horse, but has evolved over the intervening years, updating itself multiple times a day, as it gets ever more sophisticated in its attempt to spread aggressively and bypass defences.

How does a computer become infected with Emotet?

Typically, infections are spread via poisoned email attachments. For instance, last February booby-trapped Word documents were sent out pretending to be related to the Coronavirus pandemic.

Victims are lured into opening the Word document and then duped into enabling macros, which download the Emotet malware, install further malware onto the infected PC, and attempt to spread across your network.
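A gateway-side check for the lure described above, added here as an example (it is not code from the article, nor from any law-enforcement or vendor tool): it flags Office attachments that carry a VBA project, for both modern OOXML files and legacy OLE .doc files. The sample documents are constructed in memory, the OLE check is a byte-scan heuristic rather than a full container parser, and the file names and verdict strings are this example's own.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML .docx/.docm container
# OLE directory-entry names are stored as UTF-16LE; these two mark a VBA project.
OLE_MACRO_NAMES = ["Macros".encode("utf-16-le"), "_VBA_PROJECT".encode("utf-16-le")]

def has_vba_macros(data: bytes) -> bool:
    """True if an Office attachment carries a VBA project (OOXML part or OLE storage)."""
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if any(n.lower().endswith("vbaproject.bin") for n in names):
                    return True
                if "[Content_Types].xml" in names:  # part may be renamed; check its content type too
                    return b"vnd.ms-office.vbaProject" in zf.read("[Content_Types].xml")
        except zipfile.BadZipFile:
            pass
        return False
    if data.startswith(OLE_MAGIC):
        # Heuristic byte scan; a real OLE directory parser (e.g. oletools) is the robust form.
        return any(marker in data for marker in OLE_MACRO_NAMES)
    return False

def triage_attachment(filename: str, data: bytes) -> str:
    """Gateway verdict for one attachment: block any Office file carrying macros."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not has_vba_macros(data):
        return "allow"
    if ext in ("docx", "xlsx", "pptx"):
        return "block: VBA project inside a nominally macro-free extension"
    return "block: VBA macros present"

def build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container used as sample input, not a real lure."""
    ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    if with_macro:
        ct += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ct + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, not real VBA")
    return buf.getvalue()

# Constructed OLE stand-in: the magic header plus a 'Macros' entry name, no real structure.
FAKE_OLE_DOC = OLE_MAGIC + b"\x00" * 64 + "Macros".encode("utf-16-le") + b"\x00" * 32
```

Blocking on the presence of a VBA project, rather than on the sender or subject line, catches the lure even when the pandemic theme changes.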

Email attachment malware? That doesn’t sound that earth-shattering.

It may not be that novel, but it works very well. And Emotet did it at scale – often with half a million Emotet-infected emails being sent each day.

And email attachment malware is not the only trick up Emotet’s sleeve.

Last year, for instance, security researchers discovered a previously-unknown capability within Emotet to hunt for Wi-Fi networks in its vicinity and connect to them (attempting to break passwords if necessary), and then hunt for exposed computers on the same network to infect.

So once it has infected your network, what does it do?

Hackers now have remote access to your infected devices, which means they can not only steal data from you and spy on your activities,