A prolific botnet has reemerged with new techniques to infect Windows PCs with malware.
Once described as the most dangerous malware botnet in existence, Emotet helped cyber criminals to distribute malware and ransomware to victims around the world, before being disrupted by a coordinated global law enforcement takedown in January 2021.
But Emotet reemerged 10 months later and has resumed campaigns. It is sending out millions of phishing emails in mass spam campaigns, with the aim of infecting devices with malware that ropes them into a botnet controlled by cyber criminals.
According to cybersecurity researchers at Proofpoint, Emotet appears to be testing new attack techniques at a small scale, which could potentially be adopted for much larger campaigns. These techniques are designed to make attacks more difficult to detect, ultimately increasing the chances of them being successful.
The emergence of new attack techniques has coincided with a period when it seemed widespread Emotet campaigns were put on hold, with new activity occurring at low volume.
One of these new campaigns exploits compromised email accounts to send out spam-phishing emails with one-word subject lines – researchers note that one of them is simply ‘Salary’, a subject line that could encourage a user to click out of curiosity.
The message bodies contain only a OneDrive URL, which hosts zip files containing Microsoft Excel Add-in (XLL) files
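A mail-triage heuristic for the lure described above, added here as an illustration and not taken from Proofpoint or the original article: it flags a message with a one-word subject whose body is nothing but a OneDrive link, and lists any XLL files inside a downloaded zip. The function names, the OneDrive hostname list and the sample data are assumptions constructed for this example.

```python
import io
import re
import zipfile
from email import message_from_string

# Assumption: hostnames used by OneDrive share links; extend for your tenant.
ONEDRIVE_HOSTS = {"1drv.ms", "onedrive.live.com"}
ONLY_URL = re.compile(r"https?://([^/\s]+)\S*", re.IGNORECASE)

def matches_lure(raw_email):
    """True if the subject is one word and the body is a lone OneDrive URL."""
    msg = message_from_string(raw_email)
    if len((msg.get("Subject") or "").split()) != 1:
        return False
    part = msg
    if msg.is_multipart():  # fall back to the first text/plain part
        part = next((p for p in msg.walk()
                     if p.get_content_type() == "text/plain"), None)
        if part is None:
            return False
    body = (part.get_payload(decode=True) or b"").decode(errors="replace")
    m = ONLY_URL.fullmatch(body.strip())
    return bool(m) and m.group(1).lower() in ONEDRIVE_HOSTS

def xll_members(zip_bytes):
    """Names of Excel add-in (.xll) files inside a downloaded zip archive."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".xll")]
    except zipfile.BadZipFile:
        return []  # not a zip: nothing to report

def sample_zip():
    """Constructed archive: placeholder bytes, not a real add-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Salary_new.xll", b"constructed placeholder")
        zf.writestr("readme.txt", b"constructed placeholder")
    return buf.getvalue()

# Constructed sample message shaped like the lure described above.
SAMPLE_EMAIL = ("From: sender@example.com\nSubject: Salary\n\n"
                "https://1drv.ms/u/constructed-placeholder\n")

if __name__ == "__main__":
    print(matches_lure(SAMPLE_EMAIL), xll_members(sample_zip()))
```

A one-word subject with a lone share link also occurs in legitimate mail, so treat a match as a reason to inspect the linked archive, not as a verdict.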