Emotet: The Trickiest Trojan since Troy?
Blog by Andy | Posted on Tuesday September 10 2019
LEGEND HAS IT that a while back, some mischievous gods and goddesses toyed with the affections of some mere mortals which led to the Trojan War.
People are still messing with us now.
Spartan King Menelaus, whose wife Helen was apparently all that, was humiliated when Paris of Troy, with a little encouragement and help from the aforementioned immortals, swept her off her feet and took her home with him. This caused bitter rivalry and jealousy twixt some Important Folk: King Menelaus and Trojan King Priam. For Ordinary People, such consternation remains parochial. When Important Folk are troubled, however, the repercussions can be far-reaching and catastrophic (just ask Archduke Franz Ferdinand of Austria).
Somewhat irked and seeking retribution, Menelaus got a massive gang of his mates, led by Helen’s brother Agamemnon, to knock on Troy’s door and ask if he could have his wife back. The citizens of Troy pretended they were out for a while before finally admitting that yes, they were in, but no, Helen wasn’t coming out. Even more upset, Agamemnon decided to start trying to kick the door in and chuck stuff at Troy, before camping outside and waiting for Troy to give up. This went on for a while.
A cunning plan
Eventually, after the brute force approach hadn’t worked (particularly as Troy was chucking stuff back at them), Agamemnon and his mates – including a chap called Achilles, who, legend has it, could handle himself in a bar fight – came up with a cunning plan. Knowing Trojan tastes for all things equestrian, they built a huge wooden statue of a horse, ostensibly from Menelaus to say thanks to Agamemnon and all his mates for hanging around and taking damage for so long. Then they all wandered off, whistling nonchalantly, leaving the horse behind.
From Troy, they watched all this with curiosity and a growing sense of optimism that the whole nasty episode might be over. They looked at the apparently abandoned horse. They really liked horses. It’d make a nice feature in the garden, they thought, so they slipped out cautiously and dragged it home. What harm could it do?
Big mistake
That was when things went seriously bad for the Trojans. Unwittingly, they’d dragged a crack force of killers into the safety of their own home, hidden inside the horse. Once inside, this team of assassins ran amok, causing all sorts of damage. The lads, led by the cunning Achilles, were too sophisticated for the Trojans. They could assess the layout of the place and adapt to it. They overcame and destroyed Troy’s security and opened the front door up to the rest of Agamemnon’s crowd who had, it turns out, just been hiding behind a hedge. Troy was lost.
This all happened years back. We’re all a bit smarter these days, aren’t we? We’d never fall for tricks like that.
Except we do. Millions of us. Every day.
And the horses are smarter. They can open doors.
The situation is different now. You’re far more likely to suffer a cyber attack on your data, your identity and your finances than you are on your physical person. And one of the most common ways those attacks start is the cyber equivalent of that Trojan trick of yesteryear.
Modern deception
You get an email or download a file from the internet. Something that looks good or seems harmless enough. Perhaps something you really like, like horses, or sodding cats …
But hidden inside that email or downloaded file is a little computer program. Once it’s given free rein in your machine, it goes to work and wreaks havoc. You might not even notice it’s there until you see the results of its nefarious deeds. These are computer trojans. Malware. And they can be nasty.
Many trojans are sophisticated enough to work out where they are and find ways to attack the operating system and software on the machine they’ve ended up in. But they’re often a bit obvious, especially if the machine has been trained to look out for them by adding antivirus software to its defences.
Cheeky trickster
Trouble is, the latest generations of trojan malware are getting trickier. Take Emotet, for example. It’s a trojan aimed at exploiting your finances – it targets the software and systems you use to manage and spend your money. Bank accounts, online shopping, that sort of thing.
Emotet gets itself onto your system, mostly through emails pretending to be something they’re not. Then it sneaks out and gets to work. But it doesn’t go straight on the offensive. No. The first thing it does is change. Not just a change of clothes, either.
It evolves.
It does this to evade the usual detection methods that most antivirus software uses. Not only that, even if it’s been detected and cleaned once, it can reinfect the same machine again because each time it appears it’s different – a bit like how I get another bloody strain of the Common Cold every time my kids go back to school.
But that’s not all. This particular trojan is especially tricky: it’s intelligent – it can detect whether it has landed on a test system built to trap malware, in which case it will lie dormant and undetected. If it’s active, it will email itself to the contacts saved on the machine and even attempt to hack any available WiFi networks to spread itself to other devices.
Silly names
Once on a host machine, it can deliver banking trojans like Qakbot and TrickBot. Ok, yes, ha ha silly names and all that, but they’re a lot more insidious than they sound, trust me. They work by injecting code into the host machine’s networking software, so when you go to make any transactions online, they’re there, watching and recording the details to allow exploitation by dishonest folk.
Scary, isn’t it? Hard to stop something so sophisticated. No wonder most antivirus software is stumped.
They shoot horses, don’t they?
Calm yourself. We have discovered software that can protect your devices and defend your business network from Emotet and other malware like it.
Malwarebytes
Malwarebytes has the solutions to detect, quarantine and clean up Emotet and the other trojans it can introduce. It uses multi-layered technology: traditional scanning and detection, plus Application Behaviour Protection, machine learning (artificial intelligence) to identify anomalies, and then mitigation and application hardening procedures to keep the system protected.
It’s like giving your devices an immune system. It’s like the Trojans having body heat detection or x-ray technology to examine that horse. And perhaps even some threat analysis to find their, er, Achilles heel.
Not even sorry.
Ok, protect me!
If you’re interested in finding out more about Emotet and the protection Malwarebytes can provide for your devices and business systems against the Emotet trojan and other malware, request a tailored threat report, or just get in touch. We might even have a great deal if you’re quick!
Photos by David Everett Strickler and Jae Park on Unsplash