There’s a reason your inbox has more malicious spam—Emotet is back

by Dan Goodin, from Ars Technica
Emotet, the world's most costly and destructive botnet, returned from a five-month hiatus on Friday with a blast of malicious spam aimed at spreading a backdoor that installs ransomware, bank-fraud trojans, and other nasty malware.

The botnet sent a hefty 250,000 messages during the day, mostly to people in the United States and the United Kingdom, Sherrod DeGrippo, senior director of threat research and detection at security firm Proofpoint, told Ars. Other researchers said targets were also located in the Middle East, South America, and Africa. The botnet followed its characteristic pattern of sending either a malicious document or link to a malicious file that, when activated, installs the Emotet backdoor.

A map showing where Emotet hit on Friday. (credit: Peter Kruse)

The botnet gave its first indications of a return on Tuesday, with small message volumes being sent out. Email samples that appeared on Twitter accounts from threat monitors abuse.ch and Spamhaus looked like this:
