Emotet botnet hits quiet patch before Black Friday – the calm before the storm?

Most wanted botnets – Emotet, Trickbot and Qbot. What is this terrible trio up to, and how do you stay safe?

Emotet and holidays like Black Friday are good pals. That’s because Emotet’s seasonal specialty is filling your inbox with holiday “deals” that aim to compromise your machine, steal valuable data and account credentials and open it up to subsequent attacks from other malicious actors.

This year, we saw Emotet flooding inboxes with malicious emails in monthly campaigns running from August to October – campaigns that reached into the low tens of thousands of detections in ESET telemetry:

Figure 1: Monthly Emotet campaigns detected in ESET telemetry

Right around Halloween, and leading up to Black Friday, Emotet went quiet. ESET researchers suspect that Emotet’s operators are taking a little downtime before roaring the spam engine back to life for 2020’s Black Friday and the following pre-Christmas period.

While Emotet’s writers have, in the past, placed a rude comment or two about ESET in their malware binaries, ESET protection has not been outdone. Dealing with Emotet’s attacks can be as simple as being cautious: not clicking on links in emails, avoiding the “Enable Content” button in documents that arrive as attachments to suspicious, yet legitimate-looking, emails, and using security software like ESET Internet Security that protects you when you accidentally click.

The other specials Emotet likes to offer are its friends, Qbot and Trickbot. Emotet is known to serve up both Trickbot and Qbot malware to its victims. Both these malevolent families are more than happy to help themselves to victims’ sensitive information, credentials and other valuable data, and often finish their nasty business by installing ransomware such as Ryuk or Conti.

Let’s see how busy Trickbot and Qbot – Emotet’s friends – have been in the past few months:

While Trickbot’s detection numbers remain in the hundreds – likely due to the recent disruption efforts – Qbot has been quite busy, with detection numbers for the malware reaching the low thousands from August to October. In fact, following Halloween, Emotet detection numbers subsided, while Qbot detection numbers kept their former levels. That would suggest that Qbot is also using other distribution channels to get into potential victims’ inboxes.

How to stay safe from malicious bots

Emotet and its buddies don’t just flood your inbox with dangerous malspam, but they also go after other devices in your network. Trickbot, for example, has been using hacked routers for a long time for command and control. Therefore, it is important to review the security settings of all your home devices.

  1. You can find some practical tips on how to configure your home router securely here.
  2. If you use child trackers and watches, smart doorbells, smart security cameras or smart home hubs, you can read up on the privacy and security considerations surrounding their use here.
  3. If you want to test your mettle against phishing emails or malspam, you can find a few options here.
  4. Finally, don’t forget to protect all your devices with security solutions like ESET Mobile Security for Android, ESET Internet Security for Windows or ESET Cyber Security for macOS. These offer multilayered protection that can detect and block Emotet’s efforts, whether fingerprinting victims’ machines, spreading laterally in a network or downloading payloads such as Trickbot and Qbot.
