
Emotet Now Using Unconventional IP Address Formats to Evade Detection
2022-01-25 21:21

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using "unconventional" IP address formats for the first time in a bid to sidestep detection by security solutions.

The infection chains, as with previous Emotet-related attacks, aim to trick users into enabling document macros and automate malware execution.

The document uses Excel 4.0 Macros, a feature that has been repeatedly abused by malicious actors to deliver malware.

"The unconventional use of hexadecimal and octal IP addresses may result in evading current solutions reliant on pattern matching," Kenefick said.
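For detection pipelines that match URLs against dotted-decimal patterns, one mitigation is to canonicalize numeric hosts before matching. The following is an added example, not code from the article or the cited research; it assumes hosts are interpreted with `inet_aton`-style rules (hex, octal and short forms), and the function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

_PART = re.compile(r"^(0x[0-9a-f]+|0[0-7]*|[1-9][0-9]*)$", re.IGNORECASE)

def _parse_part(part):
    """Return (value, radix) for one host component, or None if not numeric."""
    if not _PART.match(part):
        return None
    if part[:2].lower() == "0x":
        return int(part, 16), 16
    if len(part) > 1 and part[0] == "0":
        return int(part, 8), 8
    return int(part, 10), 10

def normalize_ipv4_host(host):
    """Return (dotted_quad, unconventional), or None if host is not numeric IPv4."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    parsed = [_parse_part(p) for p in parts]
    if any(p is None for p in parsed):
        return None
    values = [v for v, _ in parsed]
    # Leading components are one byte each; the last fills the remaining bytes.
    tail_bytes = 5 - len(values)
    if any(v > 0xFF for v in values[:-1]) or values[-1] >= 256 ** tail_bytes:
        return None
    addr = 0
    for v in values[:-1]:
        addr = (addr << 8) | v
    addr = (addr << (8 * tail_bytes)) | values[-1]
    dotted = ".".join(str((addr >> s) & 0xFF) for s in (24, 16, 8, 0))
    unconventional = len(values) != 4 or any(r != 10 for _, r in parsed)
    return dotted, unconventional

def flag_urls(urls):
    """Return [(url, canonical_ip)] for URLs whose host is a non-standard IPv4 form."""
    hits = []
    for url in urls:
        result = normalize_ipv4_host(urlsplit(url).hostname or "")
        if result and result[1]:
            hits.append((url, result[0]))
    return hits

SAMPLE_URLS = [  # constructed; 192.0.2.33 is in the TEST-NET-1 documentation range
    "http://0xc0.0x00.0x02.0x21/a", "http://0300.0000.0002.0041/a",
    "http://3221226017/a", "http://192.0.2.33/a", "http://example.com/a",
]
```

Matching blocklists and regexes against the canonical address, and alerting on the `unconventional` flag itself, covers the hex, octal and single-integer spellings with one rule.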

The findings also arrive as Microsoft revealed plans to disable Excel 4.0 Macros by default to safeguard customers against security threats.

"This setting now defaults to Excel 4.0 macros being disabled in Excel," the company announced last week.


News URL

https://thehackernews.com/2022/01/emotet-now-using-unconventional-ip.html