A well-known botnet uses a fresh file pumping strategy to attack users

Share This Post

Emotet did what it did best – delivered weaponized Word files via email, carrying macros that – if enabled – triggered downloading malicious payloads from third-party websites. The delivered file has been “pumped” – bloated to a large size. This helps it avoid activating anti-virus software. Emotet uses different methods to “pump” the file – sometimes only zeros are added to the end of the document and sometimes the entire paragraph of Moby Dick is copied and pasted – into a white font on a white background, so they cannot be seen.

Cybersecurity researchers at Deep Instinct recently discovered a new variant of the notorious malware and announced that it has been updated with some new tricks that help it avoid being hit by anti-malware programs.

On average, the file is more than 500MB in size, the researchers say. Files of this size are usually not scanned by anti-virus programs.

The document content is also blurred, with the message superimposed that “document is protected” – to trick the victim into activating the macro.

If this happens, the Word document will download a malicious .DLL file that has also been “pumped”. The DLL hosted on a legitimate third-party website has been hacked and is being used as a trick – to spread malware.

If a victim accidentally downloads Emotet, they scan the endpoint for passwords and other sensitive data, and extract it to a remote location.

Moreover, it will use the compromised device to spread to more victims. As noted earlier, Emotet is often spread by email, exploiting existing email chains and replying to previous messages so as not to raise suspicion. In the email, Emotet will also call the victim’s name. Finally, the botnet is capable of downloading additional malicious payloads, such as the Ryuk ransomware or TrickBot malware.

Read More:

Partnership Between Mitsubishi Electric and Nozomi Networks Strengthens Operational Technology Security Business

Mitsubishi Electric and Nozomi Networks Partnership Mitsubishi Electric and Nozomi...

Solidion Technology Inc. Completes $3.85 Million Private Placement Transaction

**Summary:** 1. Solidion TechnologyInc. has announced a private placement deal...

Analyzing the Effects of the EU’s AI Act on Tech Companies in the UK

Breaking Down the Impact of the EU’s AI Act...

Tech in Agriculture: Roundtable Discusses Innovations on the Ranch

Summary of Tech on the Ranch Roundtable Discussion: ...

Are SMEs Prioritizing Tech Investments Over Security Measures?

SMEs Dive Into Tech Investments, But Are...

Spotify Introduces Music Videos for Premium Members in Chosen Markets

3 Summaries of Spotify Unveils Music Videos for Premium...

Shearwater to Monitor Production at Equinor’s Two Oil Platforms

Shearwater GeoServices secures 4D monitoring projects from Equinor for...

Regaining Europe’s Competitive Edge in Innovation: Addressing the Innovation Lag

Europe’s Innovation Lag: How Can We Regain Our Competitive...

Related Posts

Government Warns of AI-Generated Content: Learn More about the Issue

Government issued an advisory on AI-generated content. All AI-generated content...

Africa Faces Internet Crisis: Extensive Outage Expected to Last for Months, Hardest-Hit Nations Identified

Africa’s Internet Crisis: Massive Outage Could Last Months, These...

FTC Investigates Reddit for AI Content Licensing Practices

FTC is investigating Reddit's plans...

Journalists Criticize AI Hype in Media

Summary Journalists are contributing to the hype and...