Information Security News mailing list archives

World's most destructive botnet returns with stolen passwords and email in tow


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Sep 2019 07:35:39 +0000 (UTC)

https://arstechnica.com/information-technology/2019/09/worlds-most-destructive-botnet-returns-with-stolen-passwords-and-email-in-tow/

By Dan Goodin
Ars Technica
9/19/2019

If you've noticed an uptick of spam that addresses you by name or quotes real emails you've sent or received in the past, you can probably blame Emotet. It's one of the world's most costly and destructive botnets—and it just returned from a four-month hiatus.

Emotet started out as a means for spreading a bank-fraud trojan, but over the years it morphed into a platform-for-hire that also spreads the increasingly powerful TrickBot trojan and Ryuk ransomware, both of which burrow deep into infected networks to maximize the damage they do. A post published on Tuesday by researchers from Cisco's Talos security team helps explain how Emotet continues to threaten so many of its targets.


Easy to fall for

Spam sent by Emotet often appears to come from a person the target has corresponded with in the past and quotes the bodies of previous email threads the two have participated in. Emotet gets this information by raiding the contact lists and email inboxes of infected computers. The botnet then sends a follow-up email to one or more of the same participants and quotes the body of the previous email. It then adds a malicious attachment. The result: malicious messages that are hard for both humans and spam filters to detect.

[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_