It took a global effort to take down the ‘world’s most dangerous’ malware botnet

Perhaps there will be far fewer ransomware attacks this year than in previous ones, or maybe that is being way too optimistic. Either way, global law enforcement officials have taken control of “one of the most significant botnets of the past decade,” called Emotet.

Described as “one of the most professional and long lasting cybercrime services out there,” Emotet began in 2014 as a specialized piece of malware designed to steal banking information. Since then, it has “evolved into the go-to solution for cybercriminals,” according to the European Union Agency for Law Enforcement Cooperation (better known as Europol).

“The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorized access was established, these were sold to other top-level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware,” Europol says.

Like many forms of malware, Emotet primarily spread through infected email attachments. These attachments masqueraded as invoices, shipping notices, and more recently, information about Covid-19, in attempts to trick unwitting recipients into opening them.

“Emotet was much more than just a malware. What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomwares, onto a victim’s computer,” Europol explains.

Another factor that made Emotet so hard to stop is that it was polymorphic: the malware was repeatedly repacked so that its code and file signatures kept changing, which let fresh samples slip past antivirus products that rely on signatures of previously seen variants.

In addition, the Emotet botnet comprised hundreds of servers around the world, each with a different role in spreading the malware, which made it resilient to piecemeal takedown attempts. This prompted law enforcement agencies from several countries to band together and, rather than attacking it from the outside, to seize control of the infrastructure itself.

“The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.  This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime,” Europol says.

Emotet is now effectively neutralized, though technically the botnet still exists, at least for now: according to Malwarebytes, the remaining infections are scheduled to be dismantled on April 25.

Published at Fri, 29 Jan 2021 13:47:59 +0000