World’s most destructive botnet returns with stolen passwords and email in tow

by Dan Goodin, from Ars Technica

If you've noticed an uptick in spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets, and it just returned from a four-month hiatus.

Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets.

Easy to fall for

Spam sent by Emotet often appears to come from a person the target has corresponded with in the past and quotes the bodies of previous email threads the two have participated in. Emotet gets this information by raiding the contact lists and email inboxes of infected computers. The botnet then sends a follow-up email to one or more of the same participants and quotes the body of the previous email. It then adds a malicious attachment. The result: malicious messages that are hard for both humans and spam filters to detect.
