The Hero We Need.
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs:
An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.
The sabotage, which started three days ago, on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation.
According to Cryptolaemus, a group of white-hat security researchers tracking the Emotet botnet, the vigilante is now poisoning around a quarter of all Emotet's payload downloads.
[...] According to Cryptolaemus member Joseph Roosen, the Emotet gang is more than aware of this issue. In a conversation yesterday, Roosen told ZDNet the Emotet botnet has been down on Thursday, as the Emotet gang apparently tried to root out the attacker from their web shells network.
Despite Emotet's efforts, Roosen said that today, the vigilante was still present and replacing Emotet payloads with GIF files, albeit the Emotet gang was quicker than before at spotting the "replacement" and restoring the original payload.
Overall, the defacements appear to have caused Emotet activity to seriously go down this week.
(Score: 1) by krokodilerian on Saturday July 25 2020, @11:46AM
Kudos to the person doing this, when the existing systems have failed. I hope they never get caught.
(and this is definitely a failure, these botnets shouldn't have existed in the first place)