ScottWStewart, Posted March 8, 2018

ESET detected it, but it doesn't seem like it was able to block it, according to the info below:

Web threat detected desktop-2kh7ne2 EK-Emotet-malspam Detected 177.11.54.161-> xxx.xxx.xxx.xxx:57707

I came here first because I thought you guys could help me resolve this problem. Any help would be greatly appreciated!

Marcos (Administrators), Posted March 8, 2018

It appears that you have Endpoint Security installed. A malicious Word document was blocked by Network Protection upon an attempt to download, e.g. after a user clicked a link in spam. Since ESET is very good at detecting and preventing Emotet and its VBA downloaders, both by URL blacklists and LiveGrid, it's very unlikely that the malicious Emotet payload would manage to run even if the initial download attempt hadn't been blocked by Network Protection. In future versions we plan to display threats handled by Network Protection in yellow and report "Blocked" instead of "Detected".

itman, Posted March 8, 2018

I will also add that this particular malware requires that macros be enabled for Word documents. So you might want to review your security procedures in that regard. Here's a detailed analysis of how the malware operates: https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/

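Following up on the macro point above, one way to review the Word macro settings on a workstation. This is an added example, not part of the original thread and not ESET tooling. The registry value names are the standard Office policy settings; the function name, version list and output columns are choices made for this example.

```powershell
# Added example: report the Word macro settings for the current user.
# VBAWarnings and blockcontentexecutionfrominternet are the standard Office
# policy values; everything else here is illustrative.
$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016 and later
$meaning = @{
    1 = 'Enable all macros'
    2 = 'Disable all with notification'
    3 = 'Disable all except digitally signed'
    4 = 'Disable all without notification'
}

function Get-WordMacroPolicy {
    foreach ($v in $versions) {
        # Group Policy writes under Policies; the Trust Center UI writes to the user key.
        $paths = [ordered]@{
            Policy = "HKCU:\Software\Policies\Microsoft\Office\$v\Word\Security"
            User   = "HKCU:\Software\Microsoft\Office\$v\Word\Security"
        }
        foreach ($source in $paths.Keys) {
            $key = $paths[$source]
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            $vba = $props.VBAWarnings
            $blockInternet = $props.blockcontentexecutionfrominternet
            [pscustomobject]@{
                OfficeVersion       = $v
                Source              = $source
                VBAWarnings         = if ($null -ne $vba) { "$vba ($($meaning[[int]$vba]))" } else { 'not set' }
                BlockInternetMacros = if ($null -ne $blockInternet) { [bool]$blockInternet } else { 'not set' }
                # Weak: every macro runs without a prompt.
                Weak                = ($vba -eq 1)
            }
        }
    }
}

Get-WordMacroPolicy | Format-Table -AutoSize
```

A row with `Source` = `Policy` means the setting is enforced by Group Policy; if only `User` rows appear, the user can change the setting in the Trust Center.
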
ScottWStewart (Author), Posted March 8, 2018

Thank you guys for the help and insight. I'll check out the link you sent me as well, itman.