Earlier in January, law enforcement agencies delivered a malware module that causes Emotet, one of the most active spam email botnets, to be uninstalled from all infected devices. The takedown was the result of a coordinated international law enforcement action.
What is happening?
There have been few attempts to take down botnets. In this one, the law enforcement agencies delivered a new configuration to the currently active Emotet infections, so that the spam botnet automatically uses C2 servers controlled by Germany's federal police agency, the Bundeskriminalamt.
- The new Emotet module, distributed by law enforcement as a 32-bit EmotetLoader.dll to all infected systems, automatically uninstalls the malware on April 25.
- The module deletes the associated Windows services and auto-run registry keys and then exits the process. Everything else on the infected device is left intact.
- The module only stops additional malware from being installed on the computer via Emotet; it does not remove any other malware that was already installed.
Repairing the Damage
In parallel with the takedown, the FBI is also trying to minimize the damage caused by this global threat.
- Around 4.3 million email addresses, identified by the FBI as harvested by the Emotet botnet, were shared with the Have I Been Pwned site.
- The entire database has been handed over to the site so that the impacted users can be notified.
Recent takedowns
- The FBI launched a court-approved, coordinated operation to remove web shells from Microsoft Exchange servers compromised via ProxyLogon exploits.
- Last year Microsoft revealed legal action to disrupt the TrickBot cybercrime network. Still, the botnet was detected to be active again in March.
Conclusion
These takedown attempts by law enforcement are a huge step forward towards stopping such threats, and developments like collaboration between the agencies and private-sector security researchers are always welcome. Still, organizations should take care to implement security services adequately in order to be safe from future threats.