{"id":16528,"date":"2020-11-01T01:00:38","date_gmt":"2020-11-01T00:00:38","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=16528"},"modified":"2020-11-01T01:00:38","modified_gmt":"2020-11-01T00:00:38","slug":"emotet-malware-als-vermeintliches-word-update-getarnt","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/11\/01\/emotet-malware-als-vermeintliches-word-update-getarnt\/","title":{"rendered":"Emotet malware comes as a supposed Word update"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/11\/01\/emotet-malware-als-vermeintliches-word-update-getarnt\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]A brief warning: The criminals behind the Emotet malware are now distributing it via a mail attachment that poses as a supposed Word update. Microsoft warns about that. <\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg06.met.vgwort.de\/na\/758ae4712454433bbae03c7cbfade744\" width=\"1\" height=\"1\"><a href=\"https:\/\/en.wikipedia.org\/wiki\/Emotet\" target=\"_blank\" rel=\"noopener noreferrer\">Emotet<\/a> is a family of malware that is spread via e-mail and is usually contained in Word documents with malicious macros. When these documents are opened, their content attempts to trick the user into activating macros, so that the Emotet malware is downloaded and installed on the computer. The malware can deliver a variety of malicious functions, most often ransomware that encrypts the data, along with a ransom demand. The senders of these mails are often known contacts of the recipient, as Emotet uses the contact lists on infected systems to send the mail. 
<\/p>\n<h2>Emotet disguised as a Word update<\/h2>\n<p>For about a week now, the cyber criminals of the Emotet group have been changing their strategy for spreading the malware: they are distributing a new message with an attachment claiming to be from Microsoft. The message states that Microsoft Word must be updated to add a new feature. <\/p>\n<p><a href=\"https:\/\/i.imgur.com\/H1gDlqY.jpg\" target=\"_blank\" rel=\"noopener noreferrer\"><img decoding=\"async\" title=\"Emotet malware disguised as a Word update\" alt=\"Emotet malware disguised as a Word update\" src=\"https:\/\/i.imgur.com\/H1gDlqY.jpg\"><\/a><\/p>\n<p>This is pointed out by the above <a href=\"https:\/\/i.imgur.com\/H1gDlqY.jpg\" target=\"_blank\" rel=\"noopener noreferrer\">tweet<\/a> from Bleeping Computer, among others. The people behind Emotet use a lot of topics in their mails to lure victims, as explained in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/emotet-malware-now-wants-you-to-upgrade-microsoft-word\/\" target=\"_blank\" rel=\"noopener noreferrer\">this article<\/a>. These range from supposed information about COVID-19 to alleged orders, alleged invoices and applications. And lately also alleged Word updates. On Twitter, Microsoft has posted examples of such mails in <a href=\"https:\/\/twitter.com\/MsftSecIntel\/status\/1322279993964077056\" target=\"_blank\" rel=\"noopener noreferrer\">this tweet<\/a> (<a href=\"https:\/\/twitter.com\/BleepinComputer\/status\/1322535332022288387\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> on Halloween), as well as the following screenshot. <\/p>\n<p><img decoding=\"async\" title=\"Emotet as a Word update\" alt=\"Emotet as a Word update\" src=\"https:\/\/i.imgur.com\/Mj5btzy.jpg\"><\/p>\n<p>The attachment is a Word document that contains a malicious macro. 
In the mail, the user is asked to upgrade Microsoft Word and is requested to release document editing (Enable Editing is supposed to enable macro editing) and to upgrade (Enable Content loads the macro). When the macro is activated and executed, it connects to a malicious domain to download the Emotet payload. I have warned about Emotet on this blog many times, as this malware is one of the most successful blackmail Trojans currently active.<\/p>\n<p><strong>Similar articles:<br \/><\/strong><a href=\"https:\/\/borncity.com\/win\/2020\/08\/17\/emocrash-impfschutz-vor-emotet-infektionen\/\">EmoCrash protected systems for 6 months against Emotet infections<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/03\/02\/cryptolaemus-and-the-fight-against-emotet\/\">Cryptolaemus and the fight against Emotet<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/09\/11\/warning-about-a-new-emotet-ransomeware-campaign-sept-2020\/\">Warning about a new Emotet ransomware campaign (Sept. 2020)<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/07\/18\/microsoft-warnt-vor-massiver-emotet-kampagne\/\">Microsoft warns of massive Emotet campaign<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2020\/04\/05\/emotet-kann-computer-im-netzwerk-berhitzen\/\">Emotet Trojan can overload computers on the network<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/09\/11\/emotet-cc-server-liefern-neue-schadsoftware-aus\/\">Emotet C&amp;C servers deliver new malware<\/a><br \/><a href=\"https:\/\/borncity.com\/win\/2019\/12\/07\/faq-reagieren-auf-eine-emotet-infektion\/\">FAQ: Responding to an Emotet infection<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A brief warning: The criminals behind the Emotet malware are now distributing this malware via a mail attachment that appears as a supposed Word update. 
Microsoft warns about that.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-16528","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=16528"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/16528\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=16528"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=16528"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=16528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}