Computer security researchers have created an exploit and subsequently a killswitch (dubbed EmoCrash) to prevent the Emotet malware from spreading. This is one of the most common and dangerous virus infections as they are being spread via botnet networks of infected hosts. The experts have uncovered a security issue which has allowed for this to happen.
EmoCrash: Experts Found an Exploit and Stopped Emotet From Infecting Pcs
The Emotet malware is one of the most well-rewnowned and dangerous viruses which are primarily distributed using botnet networks of infected hosts. The botnet networks are configuring to automatically spread the virus by using SPAM content in email messages or direct attacks by using common security vulnerabilities. The Emotet malware is often described as an all-in-one virus which can be programmed by the hackers to either download other malware, steal files or recruit the contaminated hosts into the botnet network. It has been known since 2014 and since then has been used in countless attacks against both private targets and company and government networks.
A few months ago a new update added a new feature which allowed the malicious engine to infect Wi-Fi networks in range of already hacked hosts. A new persistence installation has also been implemented making it harder to remove the active infections.
However, with this update security engineers who track the changes in the Emotet code reported that a killswitch has been devised for it. It uses a PowerShell script which manipulated the malware checks on the local system and made it to load an empty executable file. As a result the malware was stopped from running on the target system.
A second security weakness allowed the hackers to construct another, more complex type of virus manipulation which is known as EmoCrash. It is categorized as a buffer overflow exploit which crashes the Emotet engine during its installation. This is done in order to prevent the users from getting infected altogether.
The security experts have coordinated the exploit code from being publicly disclosed in order to hide this technique from the hackers. This is done in order to protect the malware code from being patched against the bug. However in April 2020 the hackers updated the virus code and removed the Registry value codes which were abused by EmoCrash.
Given the fact that computer security experts are taking measures in order to devise methods for malware protection by abusing faults in the code shows that another technique might be devised again soon. We advise all computer users to be vigilant and always take security precautions to protect their systems from malware infections.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: