Emotet on the move in a new dangerous variant


After months of deceptive silence, a new and dangerous variant of the Emotet Trojan has been discovered. Hornetsecurity's Security Lab found it and is warning against it. The new variant relies on large files that have been heavily compressed in order to evade fast scans.

The dangerous Emotet malware is back. After almost three months of silence, the Security Lab, Hornetsecurity's in-house security laboratory, has discovered a new variant of the Trojan. The latest version of Emotet uses very large files to bypass security scans and infiltrate IT systems. Security software often only scans the first bytes of large files - or lets them into the system without scanning them.

Emotet is in a large mail attachment

The spam emails contain a 600 KB ZIP file as an attachment, which in turn contains huge Word documents (.doc) of over 500 MB (Image: Hornetsecurity).

The spam emails contain a 600 KB ZIP file as an attachment, which in turn contains huge Word documents (.doc) of over 500 MB. If the attacked user opens one of the Word documents, a malicious payload in .dll format is immediately downloaded, which is also more than 500 MB in size.
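A mail gateway can flag this pattern without unpacking anything, by reading the sizes declared in the ZIP's central directory. The following is an added example, not code from Hornetsecurity; the function names, the thresholds and the zero-padded sample file are assumptions made for illustration.

```python
import io
import zipfile

# Thresholds are assumptions for illustration; tune them to your gateway's scan limits.
MAX_MEMBER_BYTES = 100 * 1024 * 1024   # flag members that inflate beyond 100 MB
MAX_RATIO = 100.0                      # flag members compressed more than 100:1


def inspect_zip_attachment(data, max_member_bytes=MAX_MEMBER_BYTES, max_ratio=MAX_RATIO):
    """Return findings for a ZIP attachment using only its central directory.

    Nothing is extracted, so the check stays cheap even when a member would
    inflate to hundreds of megabytes. The sizes are declared by the archive
    itself, so an empty result means "not flagged", not "safe".
    """
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "not a readable ZIP"}]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ratio = info.file_size / max(info.compress_size, 1)
            reasons = []
            if info.file_size > max_member_bytes:
                reasons.append("oversized")
            if ratio > max_ratio:
                reasons.append("high-ratio")
            if reasons:
                findings.append({"name": info.filename, "size": info.file_size,
                                 "ratio": round(ratio, 1), "reason": "+".join(reasons)})
    return findings


def build_sample_zip(padded_size):
    """Constructed sample: one small text file and one zero-padded .doc stand-in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample, not a real attachment")
        zf.writestr("invoice.doc", b"\x00" * padded_size)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(8 * 1024 * 1024)   # scaled down from the >500 MB on the page
    for finding in inspect_zip_attachment(sample, max_member_bytes=4 * 1024 * 1024):
        print(finding)
```

Attachments flagged this way are candidates for rejection or for a full scan of the extracted content, rather than for a scan of only the first bytes.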

The new Emotet variant is not yet very widespread, but the Security Lab assumes that it will soon spread very quickly. Emails containing the Trojan can appear completely legitimate. Even if security systems filter out these emails and quarantine them, end users can release them from quarantine on their own. Those who fall victim to the virus contribute significantly to its spread.

Heavily compressed files bypass scans

IT administrators must therefore act immediately. On the one hand, they must urgently warn the workforce about this new danger. On the other hand, it is important to consistently block these malicious emails. Otherwise the company's success is in great danger. Hornetsecurity helps its customers to ward off such attacks by having Advanced Threat Protection reject such emails with immediate effect.

More at Hornetsecurity.com

 


About Hornetsecurity

Hornetsecurity is the leading German cloud security provider for e-mail in Europe and protects the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hanover provides its services via 10 redundantly secured data centers around the world. The product portfolio includes all important areas of e-mail security, from spam and virus filters to legally compliant archiving and encryption, to defense against CEO fraud and ransomware. Hornetsecurity has around 200 employees at 12 locations around the world and operates with its international dealer network in more than 30 countries.


 
