Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
2020-08-17 05:45

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months.

"However, it's important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware."

The kill-switch was alive for 182 days, from February 6, 2020, to August 6, 2020, before the malware authors patched their malware and closed the vulnerability.

Since its first identification in 2014, Emotet has evolved from its initial roots as a banking malware to a "Swiss Army knife" that can serve as a downloader, information stealer, and spambot depending on how it's deployed.

Although Emotet retired its registry key-based installation method in mid-April, it wasn't until August 6 that an update to the malware loader entirely removed the vulnerable registry value code.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/lpFbePN3rI0/emotet-botnet-malware.html