Europol: Emotet malware will uninstall itself on March 25th - @LawrenceAbrams
bleepingcomputer.com/news/security/…
After today's disruption of the Emotet malware, security researcher milkream discovered that a new module was being pushed to infected PCs.

This module will automatically uninstall Emotet from infected devices on March 25th, 2021.
In a phone call, Europol's press office confirmed that the German Bundeskriminalamt (BKA) federal police was in charge of this uninstall operation.
This correlates with Emotet's new command and control servers, which are now all located in Germany.
After further analysis by Malwarebytes, the correct uninstall date is April 25th, 2020. We have updated our story to include this information.
The confusion was caused by how the Microsoft Time structure's tm_mon value starts at 0, not 1.
docs.microsoft.com/en-us/cpp/c-ru…
Some further info from Germany's @bka in response to our inquiries into the new module.
The US DOJ also released a press release today with further information about a "law enforcement file" that would be distributed to devices infected with Emotet.
justice.gov/opa/pr/emotet-…
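
The `tm_mon` off-by-one described in the thread above, as an added example that is not part of the original thread or of any analyst's tooling. The raw field values (`tm_mon = 3`, `tm_mday = 25`) are constructed to match the dates the thread states, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Format month/day through strftime; mon0 is zero-based (0-11).
   Range-checks the fields only; it does not validate days per month. */
static int format_month_day(int mon0, int mday, char *out, size_t outlen)
{
    struct tm t;
    if (mon0 < 0 || mon0 > 11 || mday < 1 || mday > 31)
        return -1;
    memset(&t, 0, sizeof t);
    t.tm_mon = mon0;
    t.tm_mday = mday;
    return strftime(out, outlen, "%B %d", &t) > 0 ? 0 : -1;
}

/* Correct reading: a raw tm_mon recovered from a binary is already
   zero-based, so 0 is January and 3 is April. */
int decode_tm_fields(int raw_tm_mon, int raw_tm_mday, char *out, size_t outlen)
{
    return format_month_day(raw_tm_mon, raw_tm_mday, out, outlen);
}

/* Misreading: treats tm_mon as a calendar month (1-12), so 3 becomes
   March and a valid tm_mon of 0 has no month to map to. */
int misread_tm_fields(int raw_tm_mon, int raw_tm_mday, char *out, size_t outlen)
{
    return format_month_day(raw_tm_mon - 1, raw_tm_mday, out, outlen);
}

int main(void)
{
    char good[32], bad[32];
    int raw_mon = 3, raw_mday = 25; /* constructed sample values */

    if (decode_tm_fields(raw_mon, raw_mday, good, sizeof good) == 0 &&
        misread_tm_fields(raw_mon, raw_mday, bad, sizeof bad) == 0)
        printf("misread: %s, correct: %s\n", bad, good);
    return 0;
}
```

The year is left out on purpose: `tm_year` carries its own offset (years since 1900) and should be decoded with the same care.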
