Subj : Infamous botnet turns to new file pumping tactic to attack users
To   : All
From : TechnologyDaily
Date : Wed Mar 15 2023 10:15:03

Infamous botnet turns to new file pumping tactic to attack users

Date:
Wed, 15 Mar 2023 10:00:36 +0000

Description:
Files of large sizes don't get scanned by antivirus programs, and hackers 
know it.

FULL STORY
======================================================================

After being AWOL for a couple of months, the dreaded Emotet botnet is back 
and sports new tricks. 

Cybersecurity researchers from Deep Instinct recently spotted a new variant 
of the infamous malware and claim its been updated with a few new tricks that 
help it evade detection by antivirus programs, Ars Technica reported. 

As per the report, Emotets been doing what it does best - distributing 
weaponized Word files via email , carrying macros that - if enabled - trigger 
a malicious payload download from a third-party website. The file being 
distributed has been pumped - inflated to large sizes. That helps it evade 
triggering the antivirus. Activating macros 

Emotet uses different methods to pump the file - sometimes it just has zeros 
added to the end of the document, and sometimes there are entire paragraphs 
from Moby Dick copied and pasted - in white-colored font against a white 
background, so that they cant be seen. 

On average, the file is more than 500MB in size, the researchers said. Files 
of this size are usually not scanned by antivirus programs. 

The contents of the document are also blurred out, with an overlaid message 
saying document is protected - to trick the victim to activate macros. 

If that happens, the Word document will download a malicious .DLL file thats 
also been pumped. The .DLL is hosted on a legitimate third-party site thats 
been hacked and is being used as a mule - to distribute the malware. Read 
more 

> Emotet is still the world's worst malware - but maybe not for long 


 > The Emotet botnet has returned with a vengeance 


 > Check out the best firewalls right now 

In case the victim ends up unknowingly downloading Emotet, it will scan the 
endpoint for passwords and other sensitive data, and extract it to a remote 
location. 

Furthermore, it will use the compromised device to spread to more victims. As 
previously noted, Emotet usually spreads through email, by tapping into an 
existing email chain, and replying to a previous message in order not to 
raise any suspicion. In the email, Emotet will also address the victim by 
name. 

Finally, the botnet is capable of downloading additional malicious payloads, 
such as the Ryuk ransomware, or the TrickBot malware. Keep your business safe 
with the best endpoint protection right now



======================================================================
Link to news story:
https://www.techradar.com/news/infamous-botnet-turns-to-new-file-pumping-tacti
c-to-attack-users


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.