Nice to have nearly a year off from that malspam threat, but now it's returned
The Emotet malware delivery botnet is back, almost a year after law enforcement agencies bragged about shutting it down and arresting the operators.
The SANS Institute's Internet Storm Center (ISC) was one of many organisations to confirm overnight that the spam-based malware delivery network was back online, following police raids in January 2021 that targeted its command-and-control infrastructure.
Detailing emails the ISC had seen circulating in the wild with malicious Word, Excel, and .zip archive files attached, the org's Brad Duncan blogged: "These emails were all spoofed replies that used data from stolen email chains, presumably gathered from previously infected Windows hosts."
The revival of Emotet is serious because, in its final form, the Windows malware network was increasingly being used to deliver ransomware, as well as the traditional online banking credential-stealing code it was previously best known for. Typically, spam emails sent by Emotet contain a document in a common file format with embedded macros.