New Emotet Trojan Poses Major Risk to Small and Midsize Businesses
Posted August 4, 2017 by Jeremy Wanamaker
Users must take responsibility to protect company networks
There is a new breed of malware that uses a sophisticated combination of phishing, brute-force password attacks, and spreader technology to infiltrate and compromise computer networks. The malware is called Emotet.
What you need to know
- Do not open an attachment you were not expecting, even if it appears to come from a trusted sender. Check with the sender first. Hackers can make an email appear to come from a friend, colleague, or co-worker. It may even have a convincing subject line that is relevant to your field. We recently saw malware sent to an architecture firm with the subject “Architectural design for your review” and a link to a Dropbox file. The file contained a Word document with malware.
- Use a complex password. Simple one-word passwords are easily compromised by brute-force malware, such as Emotet. See the section directly beneath this one for more instructions on creating complex passwords. More information about how Emotet spreads with brute-force passwords and examples of bad passwords can be found at the bottom of this email.
- You must take responsibility for the safe operation of your computer system. Firewalls, Anti-Spam, and Anti-Virus software provides an important layer of protection but it can be defeated by sophisticated hackers.
Creating Complex passwords
- It must be at least 8 characters long.
- It must not contain easily guessed information such your birth date, phone number, spouse’s name, pet’s name, kid’s name, login name, the word “password”, etc.
- It must not be a short, commonly used phrase such as iloveyou.
- If it uses dictionary words, it must use multiple words strung together in a nonsensical way such as GuitarHorseTrain284.
- It should contain special characters such as @#$%^& and/or numbers.
- It should use a variation of upper and lower case letters.
More information about Emotet
Emotet spreads through phishing emails. As stated above, some of these emails are very sophisticated. They may appear to come from a colleague, your boss, or even the CEO of your company. Impersonating a legitimate email address is called spoofing. Anti-spam filters usually catch spoofed emails, but not always.
The phishing email contains a payload, which is often a link to a legitimate file-sharing service such as Dropbox. When the user downloads the payload, the malware installs on their machine.
Once the malware is installed, it attempts to spread to other machines on the network using a list of brute force passwords.
Some of the brute-force passwords included in the recent Emotet Trojan are
qwerty love iloveyou princess office supervisor superuser share adminadmin mypassword mypass pass
For organizations who want to enforce complex passwords, CNS has a method to do it. Please contact your VCIO or account rep today for more information about enforcing complex passwords on your network.