EmoCrash: Emotet Killswitch and Exploit Prevents Malware from Spreading

Computer security researchers have created an exploit and, building on it, a killswitch (dubbed EmoCrash) that prevents the Emotet malware from spreading. Emotet is one of the most common and dangerous infections in circulation, as it is spread through botnets of already infected hosts. The researchers uncovered a flaw in the malware's own code that made this possible.

EmoCrash: Experts Found an Exploit and Stopped Emotet From Infecting PCs

The Emotet malware is one of the most well-known and dangerous viruses, and it is primarily distributed through botnets of infected hosts. These botnets are configured to spread the virus automatically, either through spam email messages or through direct attacks that abuse common security vulnerabilities. Emotet is often described as an all-in-one virus: its operators can program it to download other malware, steal files, or recruit the compromised host into the botnet. It has been known since 2014 and has since been used in countless attacks against private individuals as well as company and government networks.

A few months ago an update added a feature that allows the malicious engine to infect Wi-Fi networks within range of already compromised hosts. A new persistence mechanism was also implemented, making active infections harder to remove.

However, with this update, security engineers who track changes in the Emotet code reported that a killswitch had been devised for it. It uses a PowerShell script that manipulates the checks the malware performs on the local system, causing it to load an empty executable file instead of its own payload. As a result, the malware is prevented from running on the target system.

A second weakness allowed the researchers to construct another, more complex form of manipulation, known as EmoCrash. It is categorized as a buffer overflow exploit that crashes the Emotet engine during its installation, so that the user is never infected in the first place.

The researchers coordinated to keep the exploit code from being publicly disclosed, so that the technique would stay hidden from the Emotet operators and the malware would not be patched against the bug. However, in April 2020 the operators updated the malware code and removed the Registry values that EmoCrash relied on.

The fact that computer security experts are devising protection methods by abusing faults in malware code suggests that another such technique may appear soon. We advise all computer users to remain vigilant and to take the usual security precautions to protect their systems from malware infections.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
