
SoylentNews is people

posted by Fnord666 on Monday September 23 2019, @10:13AM
from the didn't-take-all-of-the-antibiotics dept.

Arthur T Knackerbracket has found the following story:

With the reawakening of the Emotet botnet, the distribution methods, payloads, malicious document templates, and email templates continue to evolve. This article will go over some of the changes that have been observed by various security researchers over the past couple of days.

After months of inactivity, Emotet came back to life on Monday as it started churning out spam emails that push malicious attachments to unsuspecting users. While formerly a banking Trojan that would steal login credentials, the Emotet Trojan is now used as a distribution vehicle for other malware.

After only a few days, researchers have already started to see Emotet split into different distributions and employ new document templates designed to further trick users into enabling malicious Word macros.

When the Emotet botnet came back to life again, it was using a malicious Word document template that asked you to "Accept the license agreement" by clicking on the "Enable Content" button. Doing so would enable macros embedded in the document that would then install the Emotet Trojan on the recipient's computer.

As seen by Microsoft and security researchers such as JamesWT, Joseph Roosen, Brad Duncan, ps66uk, and others, Emotet has changed its malicious document template to use a new "Protected View" lure. This lure tells the potential victims that the "action can't be completed because the file is open in Protected View. Some active content has been disabled. Click Enable Editing and Enable Content."

-- submitted from IRC

