Emotet spam botnet is making a comeback

Posted on Friday, September 20 2019 @ 9:13 CEST by Thomas De Maesschalck
Ars Technica reports the powerful Emotet botnet is back. After a four-month hiatus, there's once again an uptick in spam that addresses you by name or quotes real e-mails you've sent or received in the past. Emotet generates these messages by harvesting the contact lists and e-mail inboxes of the computers that it infects.

Because the spam mails created by Emotet look a lot more like genuine e-mail traffic, they're a lot harder for both humans and spam filters to detect. The botnet spreads itself via a malicious attachment that relies on further social engineering and Office macros to download a payload.

"It's easy to see how someone expecting an email as part of an ongoing conversation could fall for something like this, and it is part of the reason that Emotet has been so effective at spreading itself via email," Talos researchers wrote in the post. "By taking over existing email conversations and including real Subject headers and email contents, the messages become that much more randomized and more difficult for anti-spam systems to filter."

