virus

The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISAs EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.

Even by the standards of spammers, we have to be impressed with the targeting of this outfit. antimoneylaundering.net has, this spammer claims, sent an e-mail to antimoneylaundering.net. That's our sister domain. That's not clever - lots of criminals do that. It's not even clever to put the name in the "from " - criminals and sales people do that. But to tie it to something that might actually be of genuine interest? That is clever or, at least, devious.

We reproduce below, unedited, the full text of two announcements by US-CERT, the US government cyber security office, relating to the HIDDEN COBRA virus which contains information in addition to that previously published.

A new form of spam-scam has come to our attention. We understand that this has not been widely seen before. Its nature is that it is likely that many receiving the email will click on links.

The US government's CERT division of the Department of Homeland Security has issued a statement that explains the risks and problems associated with the Petya ransomware virus and details of it.

We are not pretending to be making any contribution to the story about this spectacularly successful virus - we're just helping spread information about it. This is from the USA Government's information service about cyber-threats, US-CERT which is part of the Department of Homeland Security.

17 May 2017

It's been around since the latter stages of the US election, first being reported in October 2016 and it's a hoax.