The malware, dubbed Emotet, was spotted around June 2014 by security vendors. It is notable for its ability to sniff out credentials sent over encrypted HTTPS connections by tapping into eight network APIs.
Microsoft has been observing a new variant, which was sent out as part of a spam campaign that peaked in November targeting mostly German-speaking users. Emotet is distributed through spam messages, which either contain a link to a website hosting the malware or a PDF document icon that is actually the malware.
The spam messages try to gain the attention of potential victims by purporting to be some sort of claim, a phone bill, an invoice from a bank or a message from PayPal.
Spam messages containing Emotet can be tricky to filter because the messages originate from real email accounts.One technique to stop spam messages is to reject messages that come from bogus accounts by checking if the account really exists.
Emotet comes with a list of banks and services it is designed to steal credentials from. It will also pull credentials from a variety of e-mail programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now