[German]The Emotet malware is distributed via spam email campaigns. A free service now makes it possible to check whether an email address has already been abused in such a campaign.
Advertising
The background
Emotet is a malware that is spread via spam emails. The attachment of such e-mails contains malware-contaminated Word or Excel documents. If such a document is opened and the macro it contains is activated, the Trojan Emotet is installed on the victim's computer.
Over time, the Emotet Trojan will download other malware such as TrickBot and QakBot and install them on the infected computer. Emotet then acts as ransomware, encrypting and possibly stealing files on the victim's computer. The goal is to extort ransom money from the victims. It is known that this Trojan is used in ransomware attacks by cyber gangs behind Ryuk, Conti and ProLock.
(Source: Pexels Markus Spiske CC0 Lizense)
The nasty thing about it is that when an infection occurs, Emotet attempts to steal the email addresses on the victim's system and transfer them to its own servers. These emails are then used in future Emotet spam campaigns to disguise the attacks.
Free checking service
I came across the information at Bleeping Computer: There is a new service that allows users to check if an email domain or address has been used in an emotet spam campaign. The service, called Have I Been Emotet, is operated by the Italian cyber security company TG Soft. A new service has been introduced that allows you to check if a domain or email address has been used as a sender or recipient in emotet spam campaigns. All you have to do is enter a mail domain in the form, as shown below. However, you can also enter a specific e-mail address and it will be displayed whether it appears in the database.
Advertising
The results page shows whether the domain or email address was used to send emotet spam mails (the computer of the email account is infected). It also reports if fake senders with email addresses were found in spam mails, and you can see how many email accounts of a domain belong to the recipients. Might be helpful for admins to create blacklists of compromised email senders – although this is degenerating into a cat-and-mouse game.
TG Soft told BleepingComputer that its database includes email data generated by Emotet between August and September 23, 2020. During this period, TG Soft collected over 2.1 million email addresses from approximately 700,000 Emotet spam emails.
