• Thu. Jun 20th, 2024

North East Connected

Hopping Across The North East From Hub To Hub

The Spread of the Emotet Botnet

ByDave Stopher

Jun 14, 2019 #technology

If I had to describe this week, I’d describe it as if your house is burning and yet there you are, sitting at your dining room table, muttering “This is fine.” over and over again while ignoring the fire.

That picture I’ve painted is the perfect representation of cyber-security this past week, with millions of RDP servers being under threat by a botnet and a Windows exploit that leaves several versions of Windows vulnerable to security exploits.  But while these dangers have just popped up, there has been one threat that has coasted by for a few months, never ceasing to loom over the world’s servers.  This danger is none other than a botnet named “Emotet”.


1.    From Humble Beginnings

Emotet wasn’t always a botnet that brought fear into security’s metaphorical heart.  It started out as a lowly trojan that sought out to hack and infect banking computers.

Emotet was first discovered in 2014 in some German and Austrian bank computers, where the trojan was working on stealing login information from the devices.  While this type of trojan isn’t rare, it’s future didn’t seem prosperous.  If only we had known…


2.   The Current Situation

Emotet has grown since those days, and its growth has given it power that no one foresaw from the once-small Trojan.  In fact, it wouldn’t really be accurate to call it a Trojan anymore, as it’s a full-blown botnet.

This is due to the fact that while Emotet was only made to steal login credentials, it was later updated to perform more hacking-related tasks, such as going through browsing history, sifting through your e-mails, and turning your machine into part of the botnet.  Sounds like some type of horror movie, huh?

The cyber group is known as “Mealybug” are the ones responsible for this monstrosity of a botnet, and they seem to have no plans to stop going after…whatever it is they want.  So far their hacking attempts have been proven quite successful.

One issue I’ve neglected to mention is the way that Emotet spreads.  While it’s a botnet, it spreads like a worm would, which is by moving from one computer to another by a network connection.  Once Emotet infects a computer, it converts that computer into a part of the botnet and then moves on to the next computer on the network.  Unsurprisingly, this is very dangerous for corporations and government entities.

It’s not as if Emotet is weaker or smaller than recent threats like the GoldBrute either.  All Emotet needs is an IP address on a network and it can immediately infect that computer.  And a single Emotet bot can output a ludicrous amount of work in a day.  When being studied, researchers found that one Emotet bot could send a few million e-mails per day.  Yea, that’s just one!  Imagine if you had 100, 2,000, a million.  It would be absolutely catastrophic.

But Mealybug isn’t done.  This year they added a couple of new features to Emotet that make it even more potent than it used to be.  Now, Emotet can carry other forms of malware or viruses with it when it infects a machine.  So, for example, a computer infected with Emotet could also have some sort of ransomware dropped on the system as well, essentially hitting the user with a double whammy of a problem.


1.   The Future of Emotet

Emotet is a persistent force of destruction that none have figured out how to stop.  Emotet used to only target Germany and Austria in 2014 but now has gone worldwide with its operations.  Who knows what the clever piece of malware can accomplish in the next few years.  Maybe it’ll even turn our computers into the new form of Decepticons.  Who knows?  All I know is that if I had to have some of my devices infected with malware, I’d rather they turn into a cool robot that’ll kill me, and not just act as a bot in a botnet that can still all my personal information and ruin my life, you feel me?

Related Post