Apr 26 2021

Bye Bye Emotet, law enforcement pushed the uninstall code via the botnet

Category: Botnet | DISC @ 1:52 pm

European law enforcement has conducted an operation to mass-sanitize computers infected with the infamous Emotet Windows malware, automatically wiping it from infected systems across the world.

Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the Emotet botnet. In that internationally coordinated action the investigators took control of the botnet's infrastructure.

This operation was the result of a joint effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust.

Law enforcement took over at least 700 servers used as part of the Emotet botnet's infrastructure.

As part of the takedown, the authorities pushed a 32-bit payload named “EmotetLoader.dll” to infected systems to clean them up; its uninstall routine was set to trigger automatically on April 25, 2021, as confirmed by researchers at Malwarebytes.


Tags: Emotet

Oct 29 2020

Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery

Category: Ransomware | DISC @ 2:05 pm

A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals.

Source: Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery

Understanding malware as a service

MaaS Chaos. Is Malware-as-a-Service Growing?

In the legitimate business world, there’s something known as Software-as-a-Service, or SaaS. Here’s a definition: a software licensing-and-delivery model in which centrally located and controlled software is made available and licensed/rented on a subscription basis by users. SaaS clients are generally businesses.

Now organized online criminals have moved into that space and adopted the same business model. It didn’t take long for that large-scale approach to create a lucrative malware business for criminals who sell malware and related services to anyone willing to pay for them. It’s “MBA-like” thinking applied to making money from technology-based crime.

Malware-as-a-Service is the latest term for this business: a network of sophisticated cyber-criminals providing illegal services for a fee.

One of the reasons that cybercrime has grown so rapidly is that the criminals at the top of the “food chain” have built scalable business models for their crimes. This allows experienced hacking groups to collaborate, and new criminals to leverage the resources of veteran hackers. “Crime-as-a-service” is nothing new, but the tools change rapidly as crimeware developers work to exploit the latest vulnerabilities and stay ahead of security. The Emotet banking trojan has emerged as a leader in providing malware delivery services to other hacking groups, and you will want to make sure you understand and defend against this threat.

Emotet emerges as a leader in Malware-as-a-Service

Tags: Emotet, malware-as-a-service