
Blog Archives

  • Get a password-protected ZIP file attachment? Just say “Emotet”

    Posted on September 23rd, 2020 at 15:48 by woody

    Of course you know that you shouldn’t open file attachments sent via email without independently verifying with the sender that they’re legit.

    And even then, you should think twice.

    It looks like Emotet, the malware that delivers TrickBot and Qbot data-stealing software, is on the rise once again. Emotet first appeared in 2014, bounced around for a while, went into hibernation, then returned with a vengeance in 2019. It basically disappeared in February, 2020, but it’s now riding high.

    You’re most likely to get infected if you open infected Word files or, increasingly, password-protected ZIPs. Per Catalin Cimpanu at ZDNet:

    The Emotet gang operates an email spam infrastructure that it uses to infect end-users with the Emotet trojan. It then uses this initial foothold to deploy other malware, either for its own interest (such as deploying a banking trojan module) or for other cybercrime groups who rent access to infected hosts (such as ransomware gangs, other malware operators such as Trickbot, etc.).

    The latest from Cimpanu:

    The Emotet crew was hoping for a quick return to full capacity, but its comeback was spoiled and delayed for almost a month by a vigilante who kept hacking into Emotet’s infrastructure and replacing its malware with animated GIFs.

    Many times, and especially in large corporate environments, an Emotet infection can turn into a ransomware attack within hours.

    Be careful out there. And never, never, never click on an attachment unless you independently confirm with the sender that it’s safe.