Date: 2021-01-27

In 2019, Emotet had infected 47,000 computers worldwide and generated around 6,000 malicious URLs. (Incibe Cert)

The king of computer viruses has lost his crown. Police and judicial authorities in Europe and North America have this week dismantled one of the most important botnets of the last decade, known as Emotet, responsible for the malicious program of the same name that has infected thousands of computers around the world. Investigators have taken control of this infrastructure in a coordinated international action between the authorities of the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, together with the European Police Office (Europol) and the European Union Agency for Criminal Judicial Cooperation (Eurojust).

“It was much more than a malware [malicious program],” say the Europol authorities in a statement. Until today, Emotet was one of the most professional and enduring cybercrime services out there: since its discovery in 2014, the computer virus had evolved over seven years into the go-to solution for cybercriminals.

How powerful and destructive was it? If you have suffered the effects of any type of computer virus, it is very likely that you have been a victim of Emotet. In 2019, the non-profit organization The Spamhaus Project published a report in which it claimed that there were tens of thousands of computers infected with Emotet around the world and that they were emitting around 6,000 malicious links that led to websites that served as infection vectors. According to these data, Emotet had become the malware with the greatest global presence, as it represented 45% of the links used to download computer viruses around the world.

“What made Emotet so dangerous is that the virus was offered for rent to other cybercriminals to install other types of malware, like banking Trojans [seemingly harmless programs that open the doors of computers to other malicious programs] or ransomware [programs used to hijack the information on computers and then demand a ransom in exchange for releasing them], on the victim’s computer,” explains Europol. In other words, Emotet functioned as a kind of storage service for cybercriminals’ computer viruses and also as a housekeeper, giving other types of malware access to the computers it managed to outwit.

Emotet owes its power and fame to its infrastructure, which involved hundreds of servers located all over the world, with different functionalities to manage the computers of infected victims, spread to new ones, serve other criminal groups and, ultimately, make the network more resistant to removal attempts. “Emotet’s infrastructure essentially acted as a door opener for computer systems on a global scale and, once established, those accesses were sold to other high-level criminal groups to implement more illicit activities, such as data theft and extortion through ransomware,” says Europol.

As a throne, a bench

Emotet was the king of malware and had cyber authorities on their knees for almost a decade. But this king had neither a throne nor a palace. According to images and videos shared by the National Police of Ukraine, which carried out the captures, the terror of global cybersecurity operated from a small and dirty room, with a computer on a messy table and, as a seat, a bench. No elite teams of hooded hackers in a gigantic warehouse with state-of-the-art facilities.

But what exactly did it do and how did Emotet work? Cybercriminals used email as their main weapon of attack. “Using a fully automated process, Emotet was delivered to victims’ computers via infected email attachments, using a variety of different decoys to trick unsuspecting users into opening these malicious attachments. Emotet’s email campaigns were also presented as invoices, shipping notices and information about covid-19,” explain the European authorities.

All of these emails contained malicious Word documents, either attached to the email itself or downloadable by clicking a link within the email. Once a user opened one of these documents, the malicious code hidden in the Word file began to run and install the Emotet virus and services on the victim’s computer.

Emotet will go down in history as one of the main players in the world of cybercrime and promoter of the most powerful computer viruses in cyberspace, such as TrickBot, QakBot and Ryuk. But above all, it will be remembered as the computer virus that circumvented the authorities of more than eight countries on two continents without any movie-style infrastructure, from a small Ukrainian warehouse.
