
the internet’s most dangerous virus is back

After a long absence, Emotet, the virus that has given the cybersecurity industry the most trouble, is unfortunately back!

It first appeared in 2014 as a simple Trojan horse. However, Emotet soon evolved into a dangerous piece of malware with the ability to install other malware on already infected PCs. In 2020, this malware managed to infiltrate the Quebec Ministry of Justice. It then multiplied attacks against the French, Japanese and New Zealand governments. After several months of absence, Emotet is back in 2023.

Emotet: back to play a dirty trick on us

The Emotet technique is quite simple. Basically, it consists of sending malicious emails under the name of a well-known sender, while addressing the recipient by name. The virus thereby tricks victims into clicking links in order to activate macros (series of instructions bundled into a single command or shortcut).

To stay under the radar of security systems, Emotet has developed its own method: it attaches a Word document stuffed with superfluous data (large amounts of figures, for example). On top of that, the attached files weigh more than 500 MB, which is large enough to dodge security scans.

The Word document is booby-trapped using a method known as “binary padding” or “file pumping”. This technique consists of writing white text on a white background in order to go unnoticed.

Beyond the file's size, which is already enough to get past the security barrier, the text the attackers add lets the document slip past the various security solutions unnoticed.
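The evasion described above relies on the document being larger than what a scanner is willing to inspect, so a defender's first check is whether a document's real content is much smaller than the file on disk. The following script is an added example, not code from the article or from any vendor; it assumes the filler is appended after the document's true end (for OOXML files the true end is the ZIP end-of-central-directory record, for other formats it falls back to counting trailing 0x00 bytes) and that a scanner skips files above a size limit modelled on the 500 MB figure in the text. The sample document it builds is a constructed minimal .docx, not a real lure.

```python
"""Heuristic detector for 'file pumping' / binary padding in Office documents.

Added example (not from the article): flags a document whose size is dominated
by filler appended after its real end, and strips that filler so a scanner can
inspect the payload at its true size.
"""
import io
import math
import struct
import zipfile
from collections import Counter

OLE_MAGIC = b"\xd0\xcf\x11\xe0"  # legacy .doc: OLE2 compound file
ZIP_MAGIC = b"PK\x03\x04"        # .docx/.xlsx: OOXML is a ZIP container
EOCD_SIG = b"PK\x05\x06"         # ZIP end-of-central-directory record


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: a run of one value scores 0, compressed content scores near 8."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def true_zip_length(data: bytes):
    """Real length of a ZIP container: anything after the EOCD record (and its
    comment) is foreign. Returns None if no EOCD record is present."""
    off = data.rfind(EOCD_SIG)
    if off < 0 or off + 22 > len(data):
        return None
    (comment_len,) = struct.unpack("<H", data[off + 20:off + 22])
    return off + 22 + comment_len


def padding_length(data: bytes) -> int:
    """Bytes appended beyond the document's real end. Exact for OOXML; for other
    formats we assume the filler is a trailing run of 0x00 bytes (assumption)."""
    if data.startswith(ZIP_MAGIC):
        end = true_zip_length(data)
        if end is not None:
            return len(data) - end
    return len(data) - len(data.rstrip(b"\x00"))


def strip_padding(data: bytes) -> bytes:
    """Return the payload at its true size so a scanner can inspect it normally."""
    return data[:len(data) - padding_length(data)]


def analyze_document(data: bytes, scan_limit: int = 500 * 1024 * 1024,
                     tail_window: int = 4096) -> dict:
    """Size, padding and tail-entropy report; 'suspicious' is the verdict."""
    total = len(data)
    pad = padding_length(data)
    tail_entropy = shannon_entropy(data[-tail_window:])
    report = {
        "size": total,
        "is_office": data.startswith((OLE_MAGIC, ZIP_MAGIC)),
        "padding_bytes": pad,
        "padding_ratio": round(pad / total, 3) if total else 0.0,
        "tail_entropy": round(tail_entropy, 2),
        "exceeds_scan_limit": total > scan_limit,
    }
    # Either signal alone is enough: no authoring tool appends megabytes of filler,
    # and a near-zero-entropy tail is filler rather than content.
    report["suspicious"] = report["is_office"] and (
        report["padding_ratio"] > 0.5 or tail_entropy < 0.5
    )
    return report


def opens_as_zip(data: bytes) -> bool:
    """True if the blob is a readable ZIP with intact members."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return z.testzip() is None
    except zipfile.BadZipFile:
        return False


def build_sample_docx() -> bytes:
    """Constructed stand-in for a benign .docx (a minimal OOXML ZIP)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document>hello</w:document>")
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_docx()
    pumped = clean + b"\x00" * 200_000  # constructed: pumped with null filler
    for name, blob in (("clean", clean), ("pumped", pumped)):
        print(name, analyze_document(blob, scan_limit=100_000))
```

Because the OOXML branch locates the real end of the ZIP rather than counting zero bytes, it also catches padding made of random or repeated non-zero bytes; only the fallback for non-ZIP formats depends on the filler being nulls. In a mail gateway the useful order is: run `analyze_document` first, and if the file exceeds the scanner's limit, hand `strip_padding(data)` to the scanner instead of skipping the file.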

When you open the file, the Word document appears behind a banner saying the content is not accessible unless you click the “Enable Content” button. Clicking this button overrides Word’s default setting, which has the effect of enabling macros.

The macros then use Office to download a compressed archive (ZIP/RAR) from an unsecured website. As soon as the archive is unpacked, an infected DLL file is installed. A DLL is a kind of library containing data and code that can be used by different programs.

The consequences of this virus

Once the machine is infected, Emotet has access to all your passwords and other sensitive data. The malware can also hijack your email conversations to send spam to your contacts, in order to trap them too. The best way to stay clear of these attacks is to never enable macros in a document received by email.

Written by Emilie Grenaud
