Beware Emotet!

If you've spent any time at all surveying the threat landscape, then you're almost certainly familiar with the name Emotet.

As one of the largest malware botnets on the planet, it's dangerous and then some, and its tentacles extend to every corner of the globe.

There's nowhere on earth you can go that Emotet can't reach.

A new email template

Although Emotet doesn't deviate from their playbook that often, recently, security researchers around the globe have observed a change. Emotet is now using a different email template. This time, it's masquerading as Microsoft sending out an email telling you that you need to update your copy of Microsoft Word to gain access to an exciting new feature.

The email looks enough like the real thing to be convincing. There are no glaring spelling or other errors in the body of the message, and given that, a disheartening percentage of recipients are clicking on the attached document to open it.

Poisoned attachment to the email

Naturally, that's when the trouble starts, because the document is poisoned, and if you also enable macros, you're doomed. That's what triggers the download and install of the malware.

Make no mistake, the initial Emotet infection usually isn't fatal or crippling. It allows the hackers who control the botnet to send spam mail messages and install other forms of malware on your system, and that's the real danger. Once the door has been pried open, the hackers can hit you with whatever they want, and sooner or later, they will.

Our perspective

All that to say, you definitely don't want to tangle with Emotet if you can avoid it, so it pays to be aware that they've switched things up a bit and are now pretending to be Microsoft offering you instructions in the form of a poisoned Word document. Be mindful of that, and be aware that that's simply not the method Microsoft uses to update its software. Don't fall for it.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~


By Denis Wilson and Melissa Stockwell

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can find me on LinkedIn, Facebook, and Twitter.

I am also a published author and speaker in cloud computing and cybersecurity, working extensively with business and professional associations to provide small business technology education programs. Contact me if you would like me to speak at your association