The international community has once again taken down a major botnet. Law enforcement and courts in the US, Canada and several European countries have disrupted the infrastructure for Emotet, billed as one of the world’s “most dangerous” botnets. While officials were unsurprisingly quiet about their exact methods, they took down Emotet “from the inside” and redirected victim devices to infrastructure authorities controlled — a “unique” approach, Europol said.
Emotet earned its notoriety through both its ubiquity and sophistication. First found in 2014, it used an automated process to deliver malware through infected Word document email attachments. The botnet relied on “hundreds” of servers worldwide fulfilling different roles, and the malware itself frequently evaded antivirus tools by changing its code every time it was put into action. It was unusually resilient against takedowns until now.
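The delivery path described above (a Word attachment carrying malicious code) is one a mail gateway can screen for without knowing anything about a specific campaign. The following is an added defensive example, not code from the article or from any of the organisations it mentions: it inspects an attachment's bytes rather than its file extension, flags OOXML packages that contain a VBA project (the `word/vbaProject.bin` part) and marks legacy binary `.doc` files (OLE2 compound files) for closer review, since macros in that format cannot be ruled out without a deeper parser. The sample packages are constructed in memory and are not real malware; the function names are this example's own.

```python
import io
import zipfile

# Signature of a legacy OLE2 compound file (.doc/.xls/.ppt), which can carry VBA macros.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Part inside an OOXML (.docx/.docm) package that holds VBA macros.
VBA_PART = "word/vbaProject.bin"


def classify_attachment(data: bytes) -> str:
    """Return a coarse verdict for a Word attachment's raw bytes.

    - "ooxml-macro": OOXML package containing a VBA project (treat as suspicious)
    - "ooxml-clean": OOXML package with no VBA part
    - "ole-legacy":  legacy binary .doc; macros cannot be ruled out without deeper parsing
    - "not-office":  neither format
    """
    # Check the OLE2 signature first: these files are not zips, so skip the zip parser.
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "not-office"
    # Every OOXML package carries a content-types part; a zip without one is not Office.
    if "[Content_Types].xml" not in names:
        return "not-office"
    return "ooxml-macro" if VBA_PART in names else "ooxml-clean"


def build_sample(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-like package in memory (constructed test data, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # A real vbaProject.bin is an OLE stream; 16 zero bytes stand in for it here.
            zf.writestr(VBA_PART, b"\x00" * 16)
    return buf.getvalue()


def triage(attachments: dict) -> dict:
    """Map attachment filename -> verdict for a batch of decoded attachments.

    A gateway policy would quarantine "ooxml-macro" and route "ole-legacy" to deeper analysis.
    """
    return {name: classify_attachment(blob) for name, blob in attachments.items()}


if __name__ == "__main__":
    # Constructed batch: a macro-bearing file deliberately named .docx to show the
    # check keys on content, a clean document, a legacy .doc stub, and a text file.
    samples = {
        "invoice.docx": build_sample(with_macro=True),
        "notes.docx": build_sample(with_macro=False),
        "old.doc": OLE_MAGIC + b"\x00" * 8,
        "readme.txt": b"hello",
    }
    for name, verdict in triage(samples).items():
        print(f"{name}: {verdict}")
```

Because the verdict comes from the package contents, renaming a macro-enabled `.docm` to `.docx` does not help it pass; the limitation is the other way round, since a legacy `.doc` needs an OLE parser (for example oletools' olevba) to say whether it actually contains a macro, which is why it is only flagged for review here.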
Cybercriminals often used Emotet as a way to breach defenses, paying to compromise a computer using the botnet before they installed ransomware, Trojans and other hostile code. The operators behind Ryuk and the recently disrupted Trickbot have relied on Emotet in the past.
This won’t put an end to botnets, and it won’t be surprising if another network takes Emotet’s place. Even so, the takedown and the novel method behind it suggest that it might be more difficult for these botnets to survive in the future without more advanced defenses of their own.