A new service launched that allows users and organisations to check if a domain or email address was used in an Emotet spam campaign.
Experts worldwide have warned about a sudden spike in Emotet spam campaigns targeting private-sector companies and public administration entities. Alerts were issued by Computer Emergency Response Teams (CERTs) in France, New Zealand and Japan.
What is Emotet?
Emotet started as a banking Trojan in 2014, stealing banking credentials by sniffing network traffic.
Today Emotet is malware that spreads through spam emails carrying malicious Word or Excel documents. When the document is opened and macros are enabled, it installs the Emotet trojan on the victim's computer.
The most recent Emotet campaign uses spam messages carrying password-protected ZIP archives.
Earlier campaigns used messages with malicious Word documents attached, or with links the recipient is encouraged to download. These attachments and links pose as genuine invoices, shipping information, COVID-19 information, résumés, financial documents, or scanned documents.
Over time, the Emotet trojan downloads and installs other malware such as TrickBot and QBot on the infected computer. These trojans are known to lead to ransomware attacks such as Ryuk, Conti, and ProLock.
New service
TG Soft, an Italian cybersecurity company, has launched a new service called 'Have I Been Emotet' that lets you check whether a domain or email address was used as a sender or recipient in Emotet spam campaigns.
TG Soft says its database consists of outgoing emails generated by Emotet that it monitored between August and September 23, 2020. During this period it compiled over 2.1 million email addresses from around 700,000 outgoing emails.
To use the service, enter a domain or email address; it reports how many times that address or domain appeared as the sender or the recipient of an Emotet email.
When returning the search result, Have I Been Emotet will provide the following information:
- REAL SENDER: the computer using this email account was compromised and used to send the spam emails.
- FAKE SENDER: the address was used as a forged sender in spam emails; it was harvested and spoofed, and the mailbox owner's computer was not the one sending.
- RECIPIENT: the address was the recipient of an Emotet spam email.
Being listed as a recipient does not mean that the user's organisation is infected.
A recipient would only have been infected if it opened the attachment from the spam email and enabled macros, which is what installs the malware.
If a domain or address is marked as a REAL sender, the corresponding computer should be treated as likely infected and a thorough investigation must be carried out.
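To make the three result categories concrete, here is an added example (not TG Soft's code, and not how Have I Been Emotet is implemented) that builds a small index over Emotet-style spam records and answers lookups per address and per domain the way the service's output is described. It assumes each monitored outgoing email is recorded with the claimed From: address, the domain of the infected host that actually sent it, and the recipient; a claimed sender whose domain matches the sending host is counted as REAL SENDER, anything else as FAKE SENDER. The records are constructed sample data, not real campaign data, and the `triage` helper encodes the guidance above (investigate REAL senders, recipients are not infected unless they opened the attachment and enabled macros).

```python
"""Added example: a toy REAL SENDER / FAKE SENDER / RECIPIENT index.

Assumption (not stated on the page): each record carries the claimed
From: address, the domain of the infected host that sent the message,
and the recipient. Matching sender/host domain => REAL SENDER; any other
claimed sender => FAKE SENDER (forged address).
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

REAL, FAKE, RCPT = "REAL SENDER", "FAKE SENDER", "RECIPIENT"


@dataclass(frozen=True)
class EmotetRecord:
    claimed_sender: str   # address in the From: header
    sending_domain: str   # domain of the infected host that actually sent it
    recipient: str        # To: address


# Constructed sample records, not real Emotet telemetry.
SAMPLE = [
    # alice's own machine is infected and mails from its real domain
    EmotetRecord("alice@example.com", "example.com", "bob@victim.org"),
    EmotetRecord("alice@example.com", "example.com", "carol@victim.org"),
    # the same infected host forges a partner's address as the sender
    EmotetRecord("ceo@partner.net", "example.com", "dave@victim.org"),
    # a host elsewhere forges an example.com address as the sender
    EmotetRecord("hr@example.com", "other.tld", "eve@victim.org"),
]


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def build_index(records) -> dict:
    """Aggregate category counts keyed by full address and by domain."""
    index = defaultdict(Counter)
    for rec in records:
        sender = rec.claimed_sender.lower()
        # Claimed sender domain equals the infected host's domain: the
        # mailbox owner's own machine sent it. Otherwise it was forged.
        category = REAL if domain_of(sender) == rec.sending_domain.lower() else FAKE
        index[sender][category] += 1
        index[domain_of(sender)][category] += 1

        recipient = rec.recipient.lower()
        index[recipient][RCPT] += 1
        index[domain_of(recipient)][RCPT] += 1
    return index


def lookup(index: dict, query: str) -> dict:
    """Counts for one address or domain; empty dict when unseen."""
    return dict(index.get(query.strip().lower(), Counter()))


def triage(result: dict) -> str:
    """Map a lookup result to the recommended follow-up."""
    if result.get(REAL):
        return "investigate: host(s) sending from this address/domain are likely infected"
    if result.get(FAKE):
        return "address forged as sender; sender's machine not necessarily infected"
    if result.get(RCPT):
        return "received Emotet spam; infected only if attachment opened and macros enabled"
    return "no hits"


if __name__ == "__main__":
    idx = build_index(SAMPLE)
    for q in ("example.com", "partner.net", "victim.org", "alice@example.com"):
        res = lookup(idx, q)
        print(f"{q:20} {res} -> {triage(res)}")
```

Querying a bare domain aggregates every address under it, so a single forged `hr@example.com` shows up as a FAKE SENDER hit on `example.com` alongside the REAL SENDER hits from alice's infected machine; the triage prefers the REAL verdict because that is the one that demands an investigation.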