If you’ve spent any time at all surveying the threat landscape, then you’re almost certainly familiar with the name Emotet.

As one of the largest malware botnets on the planet, it’s dangerous and then some, and its tentacles extend to every corner of the globe.

There’s nowhere on earth you can go that Emotet can’t reach.

Although Emotet doesn’t deviate from its playbook that often, security researchers around the globe have recently observed a change. Emotet is now using a different email template. This time, it’s masquerading as Microsoft, sending out an email telling you that you need to update your copy of Microsoft Word to gain access to an exciting new feature.

The email looks enough like the real thing to be convincing. There are no glaring spelling or other errors in the body of the message, and given that, a disheartening percentage of recipients are clicking on the attached document to open it.

Naturally, that’s when the trouble starts, because the document is poisoned, and if you also enable macros, you’re doomed. That’s what triggers the download and installation of the malware.

Make no mistake, the initial Emotet infection usually isn’t fatal or crippling. It allows the hackers who control the botnet to send spam email and install other forms of malware on your system, and that’s the real danger. Once the door has been pried open, the hackers can hit you with whatever they want, and sooner or later, they will.

All that to say, you definitely don’t want to tangle with Emotet if you can avoid it, so it pays to be aware that its operators have switched things up a bit and are now pretending to be Microsoft offering you instructions in the form of a poisoned Word document. Be mindful of that, and remember that this simply isn’t the method Microsoft uses to update its software. Don’t fall for it.
