Security News > 2021 > April > Uninstall Command Completes Emotet Botnet Cleanup Operation

Uninstall Command Completes Emotet Botnet Cleanup Operation
2021-04-26 13:10

Roughly one million computers are getting rid of the Emotet malware after law enforcement agencies served them an update meant to trigger an uninstall process on April 25.

One of the most prevalent threats of the past half a decade, Emotet first emerged in 2014 as a banking Trojan, but evolved into a malware downloader that was employed by many cybercriminals to distribute various payloads.

Some of the best known malware families distributed through Emotet include TrickBot, Ryuk, and the QakBot banking Trojan, but many others too relied on the massive network of approximately one million infected machines for the delivery of malicious files.

Several lines of code were also included in the update to instruct the malware to automatically uninstall itself, on April 25.

Once triggered, the uninstall command cleans up the Windows registry key that enables the Emotet modules to run automatically and stops and deletes associated services, but does not remove other files, nor does it erase additional malware that might have been installed through the botnet.

"While the takedown of Emotet is a big win for all but cybercriminals, efforts made to replace it with malware such as BazarCall and IcedID demonstrate that cybercriminal outfits are increasingly organized, ambitious and professionalized. This will almost certainly remain the same in the future; the problem does not end with Emotet," digital risk protection company Digital Shadows notes.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/NQUNRIezSR0/uninstall-command-completes-emotet-botnet-cleanup-operation