Threat Watch

Emotet Spam Resumes:

With new spam activity beginning on Friday, July 17th, the infamous Emotet botnet has sprung back to life after a hiatus of over 180 days. The anti-spam organization Spamhaus first observed the activity on Monday, July 13th, when the malware's spam modules were distributed to a select few Emotet victims and old spam caught in the spam system queue was distributed temporarily. On July 17th, Spamhaus again detected Emotet activity, this time the first instance of new spam. While spam distribution was low, this marks the first instance of new spam from Emotet since early February.

ANALYST NOTES

Recommendations: While the current total spam distribution is limited to one document and some URLs, this is a key indicator that Emotet will return in force either next Monday or the Monday after. As Emotet is a malspam-distributed botnet that uses malicious links or attachments to distribute malware, Binary Defense recommends implementing email threat monitoring and filtering, and educating employees to use caution when opening documents downloaded from emails or links in emails.