
Emotet malware returns with better evasion capabilities - www.computing.co.uk


Posted: 20 Apr 2020 12:00 AM PDT

Emotet malware returns with better anti-malware evasion capabilities


Emotet, one of today's most dangerous malware botnets, is back with redesigned modules that make it harder to spot on infected machines and networks.

That's according to security researcher MalwareTech, who revealed that the threat actors behind the Emotet botnet have redesigned the malware loader and several of its modules with enhanced anti-malware evasion capabilities.

"Emotet is back and better (worse) than before. After months of inactivity, all botnets are showing signs of life and utilising new evasion techniques," MalwareTech wrote on Twitter.

"Botnet E2 is currently deploying credential and email stealing modules, likely in preparation for a new spam campaign."

According to the researcher, the botnets are now using a hashbusting technique: each victim is served a sample whose bytes, and therefore whose file hash, differ from every other victim's, so a hash-based indicator of compromise collected from one infection does not match the next. Moreover, the new Emotet code uses "a state machine to obfuscate control flow".

"Branches are flattened into nested loops, allowing code blocks to be placed in arbitrary order, with flow controlled by a randomised state value," the researcher said.

"This allows for easy code mutation and possibly polymorphism."
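The control-flow flattening described in the quotes above, as an added illustration written for this page; it is not code from Emotet or from MalwareTech's analysis. The checksum routine, the state constants and all names are constructed for the example. The point is that the flattened function computes exactly what the plain one does, while its basic blocks sit in the switch in an order unrelated to execution and the only thing linking them is the state value, so a signature or decompiler heuristic keyed to the original branch layout no longer matches.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample input (not an Emotet artefact): bytes that exercise
 * both branches of the loop body. */
static const uint8_t sample_input[] = { 0x4d, 0x5a, 0x90, 0x00, 0x03, 0x01, 0xff, 0x10 };
static const size_t sample_input_len = sizeof sample_input;

/* Plain version: one loop with a data-dependent branch, as a compiler
 * would normally emit it. */
uint32_t checksum_plain(const uint8_t *buf, size_t len)
{
    uint32_t acc = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] & 1)
            acc = (acc ^ buf[i]) * 16777619u;
        else
            acc = (acc + buf[i]) ^ (acc >> 3);
    }
    return acc ^ (uint32_t)len;
}

/* Flattened version. Every basic block becomes one case of a switch inside
 * an endless loop; the successor of each block is chosen by assigning a new
 * value to `state`. The state values are arbitrary constants (picked by hand
 * here; an obfuscator would draw fresh ones per build) and the cases are
 * listed in an order unrelated to execution order. */
enum {
    S_INIT  = 0x3a7f19c2,
    S_CHECK = 0x1d04e6b1,
    S_ODD   = 0x5c21f08d,
    S_EVEN  = 0x07e3a94f,
    S_NEXT  = 0x518b2c76,
    S_EXIT  = 0x6f9a0e35
};

uint32_t checksum_flattened(const uint8_t *buf, size_t len)
{
    uint32_t state = S_INIT;
    uint32_t acc = 0;
    size_t i = 0;

    for (;;) {
        switch (state) {
        case S_EXIT:
            return acc ^ (uint32_t)len;
        case S_ODD:
            acc = (acc ^ buf[i]) * 16777619u;
            state = S_NEXT;
            break;
        case S_INIT:
            acc = 0x811c9dc5u;
            i = 0;
            state = S_CHECK;
            break;
        case S_NEXT:
            i++;
            state = S_CHECK;
            break;
        case S_EVEN:
            acc = (acc + buf[i]) ^ (acc >> 3);
            state = S_NEXT;
            break;
        case S_CHECK:
            /* The loop condition and the if/else collapse into one
             * dispatcher decision: which block runs next. */
            if (i >= len)
                state = S_EXIT;
            else
                state = (buf[i] & 1) ? S_ODD : S_EVEN;
            break;
        default:
            return 0; /* unreachable with the constants above */
        }
    }
}

/* Returns 1 when the flattened routine reproduces the plain one on the
 * sample input and on an empty buffer, 0 otherwise. */
int flattening_preserves_semantics(void)
{
    uint32_t a = checksum_plain(sample_input, sample_input_len);
    uint32_t b = checksum_flattened(sample_input, sample_input_len);
    uint32_t e1 = checksum_plain(sample_input, 0);
    uint32_t e2 = checksum_flattened(sample_input, 0);
    return a == b && e1 == e2;
}

int main(void)
{
    printf("plain     = 0x%08x\n", checksum_plain(sample_input, sample_input_len));
    printf("flattened = 0x%08x\n", checksum_flattened(sample_input, sample_input_len));
    printf("equivalent: %s\n", flattening_preserves_semantics() ? "yes" : "no");
    return 0;
}
```

Regenerating the six state constants (and reshuffling the case order) per build is the cheap mutation the analysis refers to: the logic is untouched, but the bytes, and so the file hash, of every build differ.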

Emotet started life as a banking Trojan, as did TrickBot, but it has been rewritten several times over the past few years and now operates primarily as a malware loader.
According to cyber security firm Malwarebytes, it was removed from nearly 1.5 million systems in the first nine months of 2018.

Last year, the threat from Emotet became serious enough that US-CERT issued an alert warning organisations about the botnet.

Emotet can deliver modules that steal passwords from local applications and spread laterally to other machines on the network. Its email-stealing module harvests entire message threads, which the operators later reply to in spam campaigns so that the malicious message arrives inside an existing, trusted conversation.

The actors behind Emotet also run the botnet as Malware-as-a-Service (MaaS): other criminal groups rent access to Emotet-infected machines to drop their own malware strains.

In September last year, researchers at Cisco Talos reported Emotet taking advantage of stolen email credentials in a new campaign launched by its operators after a gap of nearly four months.
