Combatting Emotet – the World’s Most Dangerous Malware

Apr 21, 2022 | Thought leadership

Emotet – the ‘world’s most dangerous malware’ – is an infamous trojan delivered via infected files or links that can auto-execute on devices without any user interaction. It can then swiftly seize control of devices and networks, downloading additional payloads along the way such as ransomware or info-stealers.

As such, it’s seen as particularly dangerous, with over 2.7 million cases detected since late last year in a new wave of attacks – this time using Excel files to disguise its presence. According to CISA, it costs upwards of $1 million to clean up each incident.

Designed to evade antivirus solutions, the first step in the chain of infection involves tricking the potential victim into opening an attached Microsoft Office file using social engineering. After the file has been opened and macros enabled, there is no need for additional user action because the file contains malicious Visual Basic for Applications (VBA) code that runs after a document has been opened.

The VBA code uses Windows Management Instrumentation (WMI) to launch PowerShell code, which downloads the payload – a malicious executable file – from a web server. From there, networks and devices are at significant risk of widespread infection.
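The chain described above has a detection consequence: a process created through WMI runs as a child of WmiPrvSE.exe, so the PowerShell instance does not appear under Excel or Word, and rules keyed only on Office parent processes miss it. The following is an added example, not code from this article or from Glasswall, that triages process-creation events on that basis; `Image`, `ParentImage` and `CommandLine` follow Sysmon Event ID 1, while `Host` and the sample events are constructed assumptions.

```python
import ntpath
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
WMI_HOST = "wmiprvse.exe"  # WMI provider host: parent of processes created through WMI
# Command-line traits of an encoded command or a download call.
SUSPICIOUS = re.compile(
    r"\s-e(?:nc\w*)?\s|downloadfile|downloadstring|invoke-webrequest|net\.webclient",
    re.IGNORECASE,
)

def classify(event):
    """Return (severity, reason) for one process-creation event, else None."""
    image = ntpath.basename(event["Image"]).lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    if image not in SHELLS:
        return None
    if parent in OFFICE:
        return ("high", "PowerShell started directly by an Office process")
    if parent == WMI_HOST:
        # Admin tooling also uses WMI, so the command line sets the severity.
        risky = SUSPICIOUS.search(event.get("CommandLine", ""))
        return ("high" if risky else "medium", "PowerShell started through WMI")
    return None

def triage(events):
    """Return (host, severity, reason) for every event that classify() flags."""
    return [(e["Host"], *hit) for e in events if (hit := classify(e))]

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
# Constructed sample events (not real telemetry); "Host" is a hypothetical
# field added by the log pipeline and the encoded payload is a placeholder.
SAMPLE_EVENTS = [
    {"Host": "ws-01", "Image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "EXCEL.EXE invoice.xls"},
    {"Host": "ws-01", "Image": PS, "ParentImage": WMI,
     "CommandLine": "powershell.exe -enc <BASE64-PLACEHOLDER>"},
    {"Host": "srv-02", "Image": PS, "ParentImage": WMI,
     "CommandLine": "powershell.exe Get-Service"},
    {"Host": "ws-03", "Image": PS, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```

Correlating a flagged host with a recent Office process start on the same machine, as with `ws-01` in the sample, narrows the medium-severity hits that come from legitimate WMI-based administration.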

How Glasswall Handles Emotet Attacks

Glasswall stops Emotet-infected files by removing macros, preventing information leakage and repairing broken document structures. Glasswall Content Disarm and Reconstruction (CDR) instantly removes the threat presented by Emotet, with no ‘protection delta’ – the time before antivirus and sandboxing tools are updated to protect against new threats.

This is achieved via a four-step process:

Step 1 – Inspect

Three layers of the incoming file are inspected to verify that its digital DNA complies with the manufacturer’s specification, and the system corrects any deviations instantly.

Step 2 – Clean

High-risk active content such as macros and embedded links is cleaned and removed from the original file (based on company policy), so only the users who need active content receive it.

Step 3 – Rebuild

The file is rebuilt to the authorised manufacturer’s standard, ensuring the file is clean and threat-free.

Step 4 – Deliver

The user instantly receives a safe, identical file that’s compliant, standardized, and trusted. This reduces the risk of hidden malicious code entering the organization, thereby maintaining business continuity.


By removing VBA macros and metadata, Glasswall ensures the file’s binary structure conforms to the manufacturer’s specification. Crucially, it does so before the user is exposed to any risk, meaning the ‘Glasswalled’ file is released in a safe state with no malicious Emotet content.

To learn more about Emotet, read our guide here.
