Hello, my name is Trevor and I am an IS certificate student here at VCU. For this posting, I will share pieces of an article about one of the most frustrating and pervasive types of malware you could come across. The article, published by Malwarebytes, first describes the origin of the Emotet Trojan. "Emotet banking Trojan was first identified by security researchers in 2014. Emotet was originally designed as a banking malware that attempted to sneak onto your computer and steal sensitive and private information. Later versions of the software saw the addition of spamming and malware delivery services - including other banking trojans." Next, the article details what makes Emotet so pervasive. "Emotet uses functionality that helps the software evade detection by some anti-malware products. Emotet uses worm-like capabilities to help spread to connected computers. This helps in distribution of the malware."
Moving on to Emotet's spreading capabilities. According to the article, "The primary distribution method for Emotet is through malspam. Emotet ransacks your contacts list and sends itself to your friends, family, coworkers, and clients. Since these emails are coming from your hijacked email account, the emails look less like spam and the recipients, feeling safe, are more inclined to click bad URLs and download infected files." One of the reasons that a widespread Emotet infection could be an organization's worst nightmare is what follows after the actual infection. Emotet is known to drop Trickbot, another banking trojan, onto infected machines. Trickbot has been linked to dropping EternalBlue, which was responsible for the WannaCry and NotPetya attacks. In closing, Emotet should be on the mind of a Cyber Security Researcher or Analyst. This particular piece of malware can run rampant in an organization and can be incredibly difficult to combat. One of the best ways to prevent this malware from infiltrating your network is to educate the employees on the network through annual/semi-annual trainings as well as phishing simulations, as the primary infection vector for the malware is phishing/spear phishing. After you educate employees, you hope your defense in depth mitigates the rest.