Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » New Emotet trojan variant uses different POST-infection traffic to infect users

New Emotet trojan variant uses different POST-infection traffic to infect users

  • The malware variant is tracked as Trojan.W97M.POWLOAD and spreads via phishing emails.
  • The email contains a malicious ZIP file, which if opened, results in the download of the malware.

A new variant of Emotet trojan that leverages a new POST-infection traffic technique has been discovered recently. The malware variant is tracked as Trojan.W97M.POWLOAD and spreads via phishing emails.

How does it propagate – According to researchers from Trend Micro, the new sample spreads via spam email with the help of the trojan downloader Powload. The email contains a malicious ZIP file, which if opened, results in the download of the malware. In order to open the file, the victims are required to provide the 4-digit password which is included in the email.

What’s the change in POST-infection traffic – Unlike the previous version, the new variant uses random words and numbers as a URI directory path in order to evade detection.

“Apart from the URI path, the data in the HTTP POST message body has also changed. Previous Emotet samples typically used an HTTP GET request to send victim information to the C&C server, and the data is stored in the Cookie header. The data was encrypted using an RSA key, AES, and then encoded in Base64 before being added to the Cookie value,” the researchers explained.

Worth noting – An investigation of open ports and services reveals that this new variant of Emotet is using vulnerable internet-connected devices as the first layer of C2 server. The vulnerable devices include routers, IP cameras, web servers and more.

“This first layer serves as a proxy that redirects victims to the real Emotet C&C servers, adding another layer of complexity in C&C server communication to make it more difficult to track down the actors behind the Emotet operations. Moreover, compromising vulnerable devices gives them additional resources that they can use for other malicious purposes,” the researchers noted.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket