https://arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/
By Dan Goodin
Ars Technica
9/19/2019
If you've noticed an uptick of spam that addresses you by name or quotes real
emails you've sent or received in the past, you can probably blame Emotet. It's
one of the world's most costly and destructive botnets—and it just returned
from a four-month hiatus.
Emotet started out as a means for spreading a bank-fraud trojan, but over the
years it morphed into a platform-for-hire that also spreads the increasingly
powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into
infected networks to maximize the damage they do. A post published on Tuesday
by researchers from Cisco's Talos security team helps explain how Emotet
continues to threaten so many of its targets.
Easy to fall for
Spam sent by Emotet often appears to come from a person the target has
corresponded with in the past and quotes the bodies of previous email threads
the two have participated in. Emotet gets this information by raiding the
contact lists and email inboxes of infected computers. The botnet then sends a
follow-up email to one or more of the same participants and quotes the body of
the previous email. It then adds a malicious attachment. The result: malicious
messages that are hard for both humans and spam filters to detect.
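The thread-hijacking pattern described above is something a mail gateway can score for, even when content filters miss it. The following Python is an added example, not from the article or from Talos: it flags a reply that references a thread the recipient actually took part in, quotes it, and carries an attachment. The known-thread table, the sample message and the sender-mailbox-mismatch check are constructed assumptions for the example.

```python
import email
from email import policy

# Constructed for this example: message-id of a real earlier thread and the
# mailboxes that took part in it (a gateway would take this from mail history).
KNOWN_THREADS = {"<thread-1@example.com>": {"alice@example.com", "bob@example.org"}}

# Constructed reply in the style the article describes: quotes the earlier
# thread and adds an attachment. The differing sender mailbox is an assumption.
HIJACK = """\
From: Alice Example <alice@mail-relay.example.net>
Subject: RE: Q3 invoice
In-Reply-To: <thread-1@example.com>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please see attached.

> Hi Alice, can you resend the Q3 invoice?
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.doc"

AAAA
--b1--
"""

def thread_hijack_indicators(raw):
    """Return sorted indicator names found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    participants = KNOWN_THREADS.get(str(msg.get("In-Reply-To", "")))
    if participants is not None:
        found.append("replies-to-known-thread")
        sender = {a.addr_spec.lower() for a in getattr(msg.get("From"), "addresses", ())}
        if not sender & participants:
            found.append("sender-not-thread-participant")
    body = msg.get_body(preferencelist=("plain",))
    if body and any(l.startswith(">") for l in body.get_content().splitlines()):
        found.append("quotes-previous-email")
    if any(part.get_filename() for part in msg.iter_attachments()):
        found.append("has-attachment")
    return sorted(found)

def triage(raw):
    """Known thread + attachment is worth review; a sender never in that thread escalates."""
    ind = set(thread_hijack_indicators(raw))
    if {"replies-to-known-thread", "has-attachment"} <= ind:
        return "high" if "sender-not-thread-participant" in ind else "review"
    return "low"
```

An infected mailbox replying from its own real account still lands in "review" rather than "high", which is why the attachment-plus-quoted-thread combination, not the sender check alone, drives the score.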
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_