Hello, welcome to the Thursday, September 19th, 2019 edition of the Sandsenet Stormsenders Stormcast.

My name is Johannes Ulrich, and I am recording from Stockholm, Germany.

After disappearing for a few months earlier this year, Emotad has really been back with vengeance and is, well,

back to its old tricks of serving as a distribution network for various malware.

So, Brad wrote up a diary about a sample that he ran across earlier this week and he's discussing some of the traffic

that he observed from this particular sample.

Interestingly, while the email actually was used to trick the user to load the malicious

document here was written in German and actually this particular emote head strain has caused

some ransomware infections and such in particular in Germany that sort of made the news. As usual

you have to enable macros now emote head is pretty good instead of coming up with the right

reason for a user to

actually do that.

And in the example that Brad looked at, then Trickbot was installed as payload for EmoTed.

And Microsoft appears to have some ongoing issues with its Windows Defender product.

Now, one bug that was sort of ongoing, I believe since August, was that when you ran it

in the command line with SFC slash scan now, you actually got an error that there was a corrupt

file. Now, last week Microsoft released a new version of Defender 4.18.1908.7 that appeared to have

fixed this particular issue. SFC slash scan now, now appeared to work fine.

But apparently, this new version also added a new bug in Windows Defender.

If you are running a full or a quick scan on your system, it will only scan about 40 files.

After that, it will stop without displaying an error.

Now of course that leaves most of your files unscanned and may lead to actual malware being

...