The vicious Emotet botnet has been torpedoed by an unnamed vigilante hacker, who is exploiting weaknesses in the botnet's distribution infrastructure to sabotage its operations.
The saboteur, who is battling Emotet's operators for control of that infrastructure, is replacing malware payloads with animated GIFs, so that a victim who triggers the download receives a harmless image instead of the malware, blunting a sizeable share of the botnet's infections.
Reports from Cryptolaemus, a group of researchers dedicated to monitoring Emotet, suggest the vigilante is sabotaging roughly a quarter of malicious downloads associated with the botnet.
Emotet botnet
The Emotet botnet is widely regarded as one of the world's most dangerous malware strains and was revived only last week after a five-month hiatus, although the relaunch has been marred by the ongoing hack.
The attack on Emotet operations began on July 21, after the individual responsible took control of the web shells the operators use to manage their hosted payloads, and has escalated significantly in the six days since.
At first, the mysterious hacker meddled with only a handful of the botnet's payloads, replacing malware downloads with comedy GIFs of James Franco, Blink-182 and Hackerman. The intrusion has continued to scale, however, and the vigilante has now significantly reduced the botnet's potency.
“Since [the Emotet administrator] was having technical difficulties today, the hashes are way down and we barely saw much of anything,” wrote Cryptolaemus researcher Joseph Roosen on July 23.
The Emotet operators are reportedly still unable to eject the intruder from their systems, but have become more adept at spotting tampering and fixing malware payloads.
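The figures above (roughly a quarter of downloads sabotaged, and the daily count of fresh payload hashes) come from trackers fetching the botnet's payload URLs and looking at what actually comes back. The following is an added example of that check, not code from the article, from Cryptolaemus or from the Emotet operators: it classifies a batch of fetched payloads by their file signatures, counts distinct executable hashes, and reports what share of the batch has been swapped for a GIF. The URLs and payload bytes are constructed stand-ins (the hypothetical host `example.invalid`), not real Emotet samples.

```python
"""Classify a batch of fetched payloads by magic bytes and tally tampering.

Added example, not from the article or any tracker's tooling. The sample
payloads below are constructed: only their leading bytes resemble real files.
"""
import hashlib
from collections import Counter

# File signatures relevant to this tampering. Emotet's second stage is a
# Windows PE file (MZ header); the vigilante's replacements are GIFs.
MAGIC = {
    b"GIF87a": "gif",
    b"GIF89a": "gif",
    b"MZ": "pe",                 # Windows PE executable (DLL/EXE)
    b"\xd0\xcf\x11\xe0": "ole",  # legacy Office document (the lure stage)
    b"PK\x03\x04": "zip",        # OOXML document or zip archive
}


def classify_payload(data: bytes) -> str:
    """Return a short type label based on the leading bytes of a download."""
    for signature, label in MAGIC.items():
        if data.startswith(signature):
            return label
    return "unknown"


def payload_hash(data: bytes) -> str:
    """SHA-256 of the payload, the identifier trackers use to count fresh samples."""
    return hashlib.sha256(data).hexdigest()


def summarize(downloads: dict) -> dict:
    """Tally payload types for a url -> bytes batch and estimate the sabotaged share."""
    bodies = list(downloads.values())
    counts = Counter(classify_payload(body) for body in bodies)
    total = len(bodies)
    pe_hashes = {payload_hash(b) for b in bodies if classify_payload(b) == "pe"}
    return {
        "total": total,
        "counts": dict(counts),
        "unique_pe_hashes": len(pe_hashes),
        "sabotaged_fraction": counts["gif"] / total if total else 0.0,
    }


# Constructed batch: three fake PE stubs (two identical) and one GIF. Real
# payloads are tens of kilobytes; only the headers matter for this check.
SAMPLE_DOWNLOADS = {
    "http://example.invalid/wp-content/a.php": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"A" * 100,
    "http://example.invalid/wp-content/b.php": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"B" * 100,
    "http://example.invalid/wp-content/c.php": b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"A" * 100,
    "http://example.invalid/wp-content/d.php": b"GIF89a" + b"\x01\x00\x01\x00" + b"\x00" * 20,
}

if __name__ == "__main__":
    for url, body in SAMPLE_DOWNLOADS.items():
        print(f"{classify_payload(body):8} {payload_hash(body)[:16]}  {url}")
    print(summarize(SAMPLE_DOWNLOADS))
```

Two points worth noting from the output: the sabotaged share (one GIF in four) is what the "roughly a quarter" figure measures, and the count of distinct PE hashes is what drops when the operators are busy fighting the intruder rather than pushing new builds. The classifier deliberately keys on the first bytes, because the swapped files still sit at the same URLs and a content-type header alone is not trustworthy.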
Although the identity of the mysterious saboteur remains unknown, rumors suggest that either a rival cybercriminal syndicate or a white-hat hacker is responsible.
Via ZDNet