The name-dropping, thread-hijacking botnet is back with new tactics

Considered by many to be one of the top threats on the Internet, the Emotet botnet is back after a long hiatus with some new tricks.

Last week, Emotet made its first appearance this year after a four-month hiatus. It is back to its trademark activity: a wave of malicious spam that appears to come from a known contact, addresses recipients by name, and ostensibly replies to an existing thread. When Emotet returned from previous breaks, it brought new techniques designed to evade endpoint security products and trick users into clicking links or enabling dangerous macros in Microsoft Office documents.

Last week's resumption was no exception. For example, a malicious email sent last Tuesday carried a Word document with a large amount of extra data appended to its end. As a result, the file is more than 500 MB, large enough to prevent some security products from scanning its content at all. This technique, known as binary padding or file pumping, works by appending zero bytes to the end of the document. If someone is tricked into enabling the macro, the malicious Windows DLL that is then installed is padded too, ballooning from 616 KB to 548.1 MB, researchers from security firm Trend Micro said Monday.
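As an added example (not from the article or from Trend Micro), the following shows how a defender-side scanner can detect file pumping by measuring the run of trailing zero bytes from the end of the file, so a 500 MB attachment is never read in full, and how it can hand only the real content to an engine with a size limit. The sample document bytes are constructed here, and the flagging thresholds are assumptions, not published indicators.

```python
import io
import os
from dataclasses import dataclass

CHUNK = 1 << 20  # walk the tail in 1 MiB steps so a pumped file is never fully loaded


@dataclass
class PaddingReport:
    size: int            # total file size in bytes
    trailing_zeros: int  # length of the 0x00 run at the very end

    @property
    def fraction(self) -> float:
        return self.trailing_zeros / self.size if self.size else 0.0


def measure_trailing_zeros(fh) -> PaddingReport:
    """Read a seekable binary stream backwards and count the trailing 0x00 run."""
    fh.seek(0, os.SEEK_END)
    size = pos = fh.tell()
    zeros = 0
    while pos > 0:
        step = min(CHUNK, pos)
        pos -= step
        fh.seek(pos)
        block = fh.read(step)
        stripped = block.rstrip(b"\x00")
        zeros += len(block) - len(stripped)
        if stripped:  # a non-zero byte ends the run inside this block
            break
    return PaddingReport(size, zeros)


def is_pumped(report: PaddingReport, min_pad: int = 1 << 20,
              min_fraction: float = 0.9) -> bool:
    """Assumed heuristic: at least 1 MiB of zeros that make up 90% or more of the file."""
    return report.trailing_zeros >= min_pad and report.fraction >= min_fraction


def unpadded_view(fh, report: PaddingReport) -> bytes:
    """Return only the real content, small enough for a size-limited scanner."""
    fh.seek(0)
    return fh.read(report.size - report.trailing_zeros)


def constructed_sample(pad_bytes: int) -> io.BytesIO:
    """Constructed stand-in for a document: 4097 bytes of content, then pad_bytes zeros."""
    content = bytes(range(256)) * 16 + b"\x01"  # ends on a non-zero byte on purpose
    return io.BytesIO(content + b"\x00" * pad_bytes)


if __name__ == "__main__":
    sample = constructed_sample(4 << 20)
    rep = measure_trailing_zeros(sample)
    print(rep, is_pumped(rep), len(unpadded_view(sample, rep)))
```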

Another evasion trick was found in the attachment: excerpts from Herman Melville's classic novel Moby Dick, rendered in white font on a white page so the text is invisible to the reader. Some security products automatically flag Microsoft Office files that contain only macros and images. The invisible text is designed to evade such software without making the target suspicious.

When opened, the Word document displays an image indicating that the content is not accessible unless the user clicks the “Enable Content” button. Last year, Microsoft started disabling macros downloaded from the Internet by default.

Clicking the "Enable Content" button overrides this default and allows the macro to run. The macro then causes Office to download a .zip file from a legitimate website that has been hacked. Office unpacks the archive and runs the bloated Emotet DLL, which infects the device.

Elizabeth Haire
Elizabeth Haire is in charge of coverage for laptops and desktops, and she stays current on the most recent developments in the gaming and technology industries. You can find her enjoying video games, watching social media, and waiting for the next Marvel movie when she isn't writing about technology.
