
Urgent, EK-Emotet-malspam



ESET detected but it doesn't seem like it was able to block it according to the info below:

Web threat detected   desktop-2kh7ne2   EK-Emotet-malspam   Detected   177.11.54.161 -> xxx.xxx.xxx.xxx:57707

 

I came here first because I thought you guys could help me resolve this problem. Any help would be greatly appreciated!


  • Administrators

It appears that you have Endpoint Security installed. A malicious Word document was blocked by Network Protection upon an attempt to download, e.g. after a user clicked a link in a spam email. Since ESET is very good at detecting and preventing Emotet and its VBA downloaders both by URL blacklists and LiveGrid, it's very unlikely that the malicious Emotet payload would manage to run even if the initial download attempt hadn't been blocked by Network Protection.

In future versions we plan to display threats handled by Network Protection in yellow and report "Blocked" instead of "Detected".


I will also add that this particular malware requires that macros be enabled for Word documents. So you might want to review your security procedures in that regard. Here's a detailed analysis on how the malware operates: https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/

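As a starting point for the macro review suggested in the last reply, the following PowerShell audit is an added example and not something posted in this thread. It reads the current user's Word macro settings and assumes the standard Office registry values `VBAWarnings` and `BlockContentExecutionFromInternet`; the version list and the wording of the findings are choices made for this example.

```powershell
# Added example: audit Word macro settings for the current user (read-only).
# VBAWarnings: 1 = enable all macros, 2 = disable with notification,
#              3 = disable except digitally signed, 4 = disable without notification
# BlockContentExecutionFromInternet: 1 = block macros in files from the Internet
$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016 and later
$meaning = @{
    1 = 'enable all macros'
    2 = 'disable with notification'
    3 = 'disable except digitally signed'
    4 = 'disable without notification'
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$report = foreach ($ver in $versions) {
    $policy = "HKCU:\Software\Policies\Microsoft\Office\$ver\Word\Security"
    $user   = "HKCU:\Software\Microsoft\Office\$ver\Word\Security"
    if (-not (Test-Path $policy) -and -not (Test-Path $user)) { continue }

    $polWarn = Get-RegValue $policy 'VBAWarnings'
    $usrWarn = Get-RegValue $user 'VBAWarnings'
    $block   = Get-RegValue $policy 'BlockContentExecutionFromInternet'

    # A Group Policy value overrides the user's own Trust Center choice
    $effective = if ($null -ne $polWarn) { $polWarn } else { $usrWarn }
    $label = if ($null -ne $effective) { $meaning[[int]$effective] }
             else { 'not set (Word default: disable with notification)' }

    $findings = @()
    if ($effective -eq 1)   { $findings += 'all macros run without a prompt' }
    if ($null -eq $polWarn) { $findings += 'not enforced by policy, user can change it' }
    if ($block -ne 1)       { $findings += 'macros in Internet files not blocked by policy' }

    [pscustomobject]@{
        OfficeVersion = $ver
        MacroSetting  = $label
        Findings      = if ($findings) { $findings -join '; ' } else { 'none' }
    }
}

$report | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session; no output means no Word security keys were found for the listed versions.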

This topic is now closed to further replies.