Community Edition
Total Tests:
This Week:
Today:
Recent Blog Posts
Four Iranian Hackers Charged With Cyberattacks On American Firms
April 25, 2024
An Ex-Amazon Security Engineer Gets 3 Years In Jail For Hacking And Crypto Theft
April 18, 2024
Hacker Fakes His Own Death To Avoid Child Support Payments
April 11, 2024
ATM Skimming Ring Leader Sentenced To 75 Months In Prison
April 4, 2024
German Authorities Dismantle the Nemezis Market Dark Web Marketplace
March 28, 2024
Stay in Touch

Get exclusive updates and invitations to our events and webinars:


Your data will stay confidential Private and Confidential

ImmuniWebInternational Media Coverage

Emotet Malware Taken Down By Global Law Enforcement Effort, Cleanup Patch Pushed to 1.6 Million Infected Devices

By Scott Ikeda for CPO Magazine
Friday, April 30, 2021

The Emotet botnet, widely considered to be the most dangerous of its type in the world, has been dissolved as of April 25. An international law enforcement campaign that began in 2020 culminated in the infiltration and control of the botnet’s infrastructure, with a beneficial payload delivered to infected devices that scrubs the Emotet malware from their systems.

Law enforcement removes a substantial online threat

Pushing a background payload in order to disable the Emotet malware is a potentially problematic solution from a legal standpoint, but some law enforcement agencies (such as the US Department of Justice) are pointing out that their own government is not involved; the malware servers are now under the control of the German federal police agency. Ilia Kolochenko, Founder and Chief Architect for ImmuniWeb, points out that this sets a precedent that could potentially move in dangerous directions: “If viewed in as an isolated event, this is a laudable and highly successful operation of law enforcement. However, privacy advocates may sooner or later start questioning such anti-malware operations in cyberspace as potentially intrusive and unwarranted. There are also some chances that removal may damage the infected system due to some unforeseeable circumstances, such as unique or unusual configuration of the compromised machine. Where I see the risk is that hostile nation states may follow the US and EU example and deploy massive cleaning operations in the Internet that would be difficult to monitor and control. Attribution of hacking attacks, disguised as cleaning campaigns, will become almost impossible from technical and legal viewpoints.”

Malware researchers found that the update (a customized DLL file named “EmotetLoader.dllsent”) deletes Emotet’s autorun registry keys and associated Windows services but does not touch anything else on the device, including any other types of malware that might be present. The US has established some precedent for unauthorized law enforcement remote access for the purpose of malware removal, however; the FBI received a court order earlier this month allowing it to remotely remove web shells from Microsoft Exchange servers as part of the response to the email vulnerabilities discovered earlier this year. It was the first time that a US government or law enforcement agency had accessed private computer property for the purpose of malware remediation. Read Full Article


Previous Media Publications:

Infosecurity Magazine: Ransomware Task Force Urges Tighter Crypto Regulation

IT World Canada: Task force calls for international action against ransomware

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Book a Call Ask a Question
Close
Talk to ImmuniWeb Experts
ImmuniWeb AI Platform
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Email:
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
*
*
*
Your data will stay private and confidential