What is happening?
After the previous takedown attempt, law enforcement agencies delivered a new configuration to active Emotet infections so that the spam botnet would use C2 servers controlled by Germany's federal police agency, the Bundeskriminalamt.
Law enforcement distributed a new Emotet module, a 32-bit EmotetLoader[.]dll, to all of the infected systems; the module will automatically uninstall the malware on April 25.
The recently added module deletes the associated Windows services and autorun Registry keys and then exits the process, leaving everything else on the infected devices intact.
The module does not remove any other malware that was already installed on the infected system via Emotet; instead, it stops additional malware from being installed on the infected system.
Reversing the damage
Around the same time as the recent shutdown, the FBI has been actively working to further minimize the malicious impact caused by this global threat.
The FBI has identified around 4.3 million email addresses that were harvested by the Emotet botnet and shared them with the Have I Been Pwned site.
To alert all the impacted users, the entire database has been handed over to the Have I Been Pwned (HIBP) service.
Recent takedown attempts
Government agencies a ..