ScottWStewart, posted March 8, 2018:

ESET detected but it doesn't seem like it was able to block it according to the info below:

Web threat detected desktop-2kh7ne2 EK-Emotet-malspam Detected 177.11.54.161-> xxx.xxx.xxx.xxx:57707

I came here first because I thought you guys can help me resolve this problem. Any help would be greatly appreciated!

Marcos (Administrators), posted March 8, 2018:

It appears that you have Endpoint Security installed. A malicious Word document was blocked by Network Protection upon an attempt to download, e.g. after a user clicked a link in a spam. Since ESET is very good at detecting and preventing Emotet and its VBA downloaders both by URL blacklists and LiveGrid, it's very unlikely that the malicious Emotet payload would manage to run even if the initial download attempt hadn't been blocked by Network Protection.

In future versions we plan to display threats handled by Network Protection in yellow and report "Blocked" instead of "Detected".

itman, posted March 8, 2018:

I will also add that this particular malware requires that macros be enabled for Word documents. So you might want to review your security procedures in that regard.

Here's a detailed analysis on how the malware operates: https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/

ScottWStewart (Author), posted March 8, 2018:

Thank you guys for the help and insight. I'll check out the link you sent me as well, itman.