Hello, welcome to the Thursday, December 19th, 2019 edition of the Sandsenet Stormenast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

We've got another diary by Brad, and he's looking at the latest emotette activity.

Emotet, very, very active, really also in the news quite a bit.

And the latest message that he's sort of taking apart here is actually very straightforward.

One of those typical invoice messages that then attaches a Word document.

And of course, a Macro in the word document will then trigger

additional downloads.

Now, in this case appears that the malware was mostly used then to again spread the infection

further by sending emails.

Emothead is often used to sort of install these spam trojans on the system.

It infects.

Now, one trick that EMod hat uses a lot to appear more plausible is that it sort of injects itself

into conversations that it finds on the infected system.

And the German office for information security is warning that they are aware of a number

of systems affected in federal agencies that do just that.

So now it appears the email is coming from some kind of government agency that you're

currently communicating with and it sort of looks like a reply to an email that you send.

Of course, that makes this very dangerous because now an unsuspecting victim may be more

likely willing to, for example, enable macros on a document they receive.

And if you're looking for something to do next week, why not patch, Jumla, if you're still

...