Since 10 October 2019, Emotet has been reported on some @education.lu email deployed for the national education in Luxembourg. This malware is dangerous because it has a very fast propagation capacity, but not only. While infecting a computer, it is able to download and install other malware such as ransomware that lock data on their victims’ computer and require a payment to unlock them.

Misleading e-mails

Like many other spam e-mails, Emotet is propagating in the form of e-mails that look like they come from legitimate sources (businesses, financial institutions, government agencies and individuals). Once opened, these e-mails usually contain misleading text that encourages the user either to open attachments or to click on links so to open Word or Excel documents. False invoices or fake delivery notes are often used as inducement.

At the opening of the link or the document, the user is asked to activate macros under a false pretext or a hidden context: activate Microsoft Office, accept a license agreement, unlock a document, etc. That is precisely the time when Emotet attacks… Once macros activated, a script is run to download and install Emotet, and with it, other malware on the victim's computer.

A call for vigilance

To guard against Emotet, like other spam, extra vigilance is required:

• Be careful with attachments included in an e-mail that you do not expect or if you do not know the sender.
• Keep in mind that a friend, a neighbor, a member of your family or a colleague can also send you an infected email if his/her own computer has previously been infected / attacked.
• Keep your computers and anti-virus / anti-malware software up-to-date.
• Do not open an e-mail attachment until you have verified that it is a safe item.
• Be suspicious if you receive documents that require activation of macros.