AudioDigital HomeGamingHome CinemaMobile Computing

Infamous botnet turns to new file pumping tactic to attack users

After being AWOL for a couple of months, the dreaded Emotet botnet is back and sports new tricks. 

Cybersecurity researchers from Deep Instinct recently spotted a new variant of the infamous malware and claim it’s been updated with a few new tricks that help it evade detection by antivirus programs, Ars Technica reported. 

As per the report, Emotet’s been doing what it does best – distributing weaponized Word files via email, carrying macros that – if enabled – trigger a malicious payload download from a third-party website. The file being distributed has been “pumped” – inflated to large sizes. That helps it evade triggering the antivirus. 

Activating macros

Emotet uses different methods to “pump” the file – sometimes it just has zeros added to the end of the document, and sometimes there are entire paragraphs from Moby Dick copied and pasted – in white-colored font against a white background, so that they can’t be seen. 

On average, the file is more than 500MB in size, the researchers said. Files of this size are usually not scanned by antivirus programs.

The contents of the document are also blurred out, with an overlaid message saying “document is protected” – to trick the victim to activate macros. 

If that happens, the Word document will download a malicious .DLL file that’s also been “pumped”. The .DLL is hosted on a legitimate third-party site that’s been hacked and is being used as a mule – to distribute the malware.

Read more

> Emotet is still the world’s worst malware – but maybe not for long

> The Emotet botnet has returned with a vengeance

> Check out the best firewalls right now

In case the victim ends up unknowingly downloading Emotet, it will scan the endpoint for passwords and other sensitive data, and extract it to a remote location. 

Furthermore, it will use the compromised device to spread to more victims. As previously noted, Emotet usually spreads through email, by tapping into an existing email chain, and replying to a previous message in order not to raise any suspicion. In the email, Emotet will also address the victim by name. 

Finally, the botnet is capable of downloading additional malicious payloads, such as the Ryuk ransomware, or the TrickBot malware.

Keep your business safe with the best endpoint protection right now

You Might Also Like

This $399 AMD-based one-eyed PC is one of the wackiest designs I’ve seen in 25 years

Framework’s DIY laptop shames Apple and Microsoft with its upgradable CPU and makes me excited for the future

Insta360 teases new challenger for DJI’s class-leading smartphone gimbal

A new Python info-stealing malware is using Unicode to stay undetected

Share this Article
Previous Article Feds to Microsoft: Clean up your security act — or else
Next Article Get 3 years of rock-solid protection with Surfshark VPN for $83.99
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

Create an Amazing Newspaper
Discover thousands of options, easy to customize layouts, one-click to import demo and much more.

Latest News

This $399 AMD-based one-eyed PC is one of the wackiest designs I’ve seen in 25 years
Audio Digital Home Gaming Home Cinema Mobile Computing
10 Things to Know When Using SHACL With GraphDB
Agile AI Big Data Cloud Database Devops Integration IoT Java Microservices Open Source Performance Security Web Dev
Top 5 Data Streaming Trends for 2023
Agile AI Big Data Cloud Database Devops Integration IoT Java Microservices Open Source Performance Security Web Dev
How to create custom images with Podman
Amazon Analyst Insights Android Apple Ecommerce
Register Lost your password?