Emotet Trojan can overload computers on the network

[German]An infection with the Emotet malware can slow down an entire corporate network because the CPUs of Windows devices are being used to their maximum capacity, bringing network and internet traffic down to zero.


After an employee was tricked into opening a phishing email attachment, Emotet took effect. The emotet infection affected the entire network of a company. The malicious program used the CPUs of the Windows system to their maximum capacity, so that the Internet connection only reached a low data throughput.

I have become aware of the above article by Bleeping Computer on the case that Microsoft is disclosing in this document.

A case study

Microsoft names the company that was the victim of an emotet-infection in its case study with the fictitious name Fabrikam. After an employee was tricked into opening a phishing email attachment, the malware routines began downloading the actual malware from the attacker's command and control server (C&C) five days after the initial infiltration. .

5-day delay, credentials captured

Previously, the attackers used the stolen access data to send phishing emails to other Fabrikam employees and their external contacts. As a result, more and more systems were infected and additional malware payloads were downloaded and installed on the computers.


The malware then spread across the entire network without being noticed. The emote Trojan captured credentials for the administrator accounts used to authenticate administrators on new systems. These credentials were later used to infect other systems.

After 8 days nothing worked anymore

Within eight days of opening the first malware attachment, the entire Fabrikam network was brought to its knees, despite the efforts of the IT department. The Windows systems crashed with blue screens because the CPUs overheated. As a result, the systems either stopped or were rebooted. Internet connections were throttled to virtually zero throughput because Emotet was using all the bandwidth.

When the last machine with a blue screen went down, IT people realized that the infection was out of control, Microsoft writes in this document. It appears that the case in question is the attack on the US city of Allentown, Pennsylvania, described by ZDNet. This case became known in February 2018.

The mayor, Ed Pavlovski, stated that the city would have to pay almost $1 million to Microsoft to clean its systems from the infection. First, the city paid $185,000 to contain the ransomware. On top of that, there are additional costs of up to $900,000 to restore the systems. Further details can be found in the linked articles.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *