‘EmoCrash’ Exploit Stoppered Emotet For 6 Months
2020-08-17 20:55

A researcher exploited a vulnerability in Emotet, causing the infamous malware to crash and preventing it from infecting systems for six months.

He's not the only one looking to thwart Emotet: The news comes shortly after researchers discovered that a mysterious vigilante was fighting the threat actors behind the malware's comeback by replacing malicious Emotet payloads with whimsical GIFs and memes.

"Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware," said Quinn in a recent post.

The script contained a buffer of 0x340 bytes, which Emotet would attempt to save as the registry key; this caused the malware to crash during its installation process and completely prevented it from installing on systems.

Quinn then shared the killswitch discreetly with members of the infosec community, avoiding public channels to ensure maximum uptime of the exploit before the threat actors behind Emotet patched their malware to close the vulnerability.

News URL

https://threatpost.com/emocrash-exploit-emotet-6-months/158414/