This article in PC World identifies a new virus called Emotet that recognizes German banking credentials. To be honest, I was unaware that viruses had not yet infected Germany, but then all good things must eventually come to an end.
“Microsoft says German speakers are being targeted by a new variant of a powerful type of malware that steals online banking credentials.
The malware, called Emotet, was spotted around last June by security vendors. It is notable for its ability to sniff out credentials sent over encrypted HTTPS connections by tapping into eight network APIs, according to a writeup from Trend Micro from last year.
Microsoft has been observing a new variant, Trojan:Win32/Emotet.C, which was sent out as part of a spam campaign that peaked in November targeting mostly German-speaking users, wrote HeungSoo Kang of Microsoft’s Malware Protection Center.”
The virus disguises itself in a variety of clever guises in an effort to promote users to click on it. Once clicked, it then uses stolen information to spread its venom while waiting to pounce on any banking credentials it can sniff out:
“The spam messages try to gain the attention of potential victims by purporting to be some sort of claim, a phone bill, an invoice from a bank or a message from PayPal.
Spam messages containing Emotet can be tricky to filter because the messages originate from real email accounts, Kang wrote. One technique to stop spam messages is to reject messages that come from bogus accounts by checking if the account really exists.
Emotet comes with a list of banks and services it is designed to steal credentials from. It will also pull credentials from a variety of email programs, including versions of Microsoft’s Outlook, Mozilla’s Thunderbird and instant messaging programs such as Yahoo Messenger and Windows Live Messenger.
The stolen information is sent back to Emotet’s “command and control (C&C) server where it is used by other components to send spam emails to spread the threat,” Kang wrote.”
I’m actually positive that Germans have already been victimized by similar viruses, but I guess this is a strong reminder to all of us not to click on links we are unsure of.