The Emotet botnet is one of the largest sources of malspam, a term used to describe emails that deliver malware-laced file attachments. Emotet has recently launched a new campaign that shows a message claiming to be from the Windows Update service, telling users that the Office app needs to be updated. As with its other malspam, the user is told to do this by clicking the Enable Editing button. These malicious documents are sent from emails with spoofed identities that appear to come from acquaintances and business partners.
Emotet is known for using a technique called conversation hijacking: it steals email threads from infected hosts, inserts itself into the thread with a reply spoofing one of the participants, and finally adds the malicious Office documents as attachments. The technique is generally hard to notice, which is why Emotet manages to infect corporate and government networks on a regular basis. Proper security awareness and training is generally the best way to safeguard against Emotet attacks. Any user who works with email daily must be made aware of the risk of enabling macros inside documents, as this feature is rarely used for legitimate purposes. The article goes on to show a list of the most popular Emotet document lures.
https://www.zdnet.com/article/new-emotet-attacks-use-fake-windows-update-lures/#ftag=RSSbaffb68
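As a complement to user training, a mail gateway can flag the pattern described above: a reply in a thread that carries a macro-capable Office attachment. The following is an added example, not code from the article; the function names, the quarantine rule, and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container signature
OFFICE_EXT = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")

def macro_capable(data: bytes) -> bool:
    """True for legacy OLE files (can hold macros) or OOXML containing a VBA project."""
    if data.startswith(OLE_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> dict:
    """Flag replies (In-Reply-To/References set) with macro-capable Office attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    risky = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        body = part.get_payload(decode=True) or b""
        if name.endswith(OFFICE_EXT) and macro_capable(body):
            risky.append(name)
    # Assumed policy: hold only the combination, to limit false positives.
    return {"is_reply": is_reply, "macro_attachments": risky,
            "quarantine": is_reply and bool(risky)}

def build_sample(reply: bool, with_macro: bool) -> bytes:
    """Constructed test message; the attachment is a tiny zip, not a real document."""
    m = EmailMessage()
    m["From"] = "Partner <partner@example.com>"
    m["To"] = "user@example.org"
    m["Subject"] = "RE: invoice"
    if reply:
        m["In-Reply-To"] = "<abc123@example.org>"
    m.set_content("See attached.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"placeholder")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="octet-stream", filename="Update.docm")
    return m.as_bytes()
```

Because the spoofed reply looks like it comes from a known participant, the check keys on message structure and attachment content rather than on the sender address.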