La Polizia Olandese vuole impedire che il malware Emotet possa essere riattivato: il prossimo step dell'operazione internazionale iniziata nei giorni scorsi è previsto per il 25 aprile.
La maxi operazione di Polizia informatica che pochi giorni fa ha smantellato la rete di server di controllo di Emotet, il virus più pericoloso al mondo, non è ancora terminata. Durante l’operazione sono stati arrestati anche due hacker in Ucraina e ora la Polizia olandese si prepara alla prossima mossa.
Cioè l’eradicazione del virus dai computer sui quali è già stato scaricato. Per farlo verranno usati gli stessi computer sequestrati, i server delle tre “botnet" Epoch 1, Epoch 2 ed Epoch 3 che fino alla settimana scorsa servivano da centro di comando e controllo (i cosiddetti “server C&C“) del virus e che a breve “inietteranno il vaccino" nei computer già infetti. The same network used by hackers until yesterday to spread the Emotet malware (and many others), therefore, will now be used by policemen to destroy the virus definitively.
What has been done until now
To understand how the Emotet virus will be destroyed, it is necessary to remember how it has always worked (and how many other widespread malware work). Emotet usually enters a computer via a phishing message, an email inviting the user to download an infected file.
Once it enters the computer Emotet does nothing but connect to a list of servers, divided into the three aforementioned Epoch botnets, waiting for further commands or to receive other viruses with which to further infect the computer.
The international Cyber Police operation, for this, aimed straight at the control servers preventing the communication between these machines and the virus downloaded on millions of PCs worldwide. Emotet, however, is still there: it is in those computers but it can't do anything anymore because its servers are not responding.
How Emotet will be destroyed
The next step will be to automatically delete, with a command sent by the servers themselves, all copies of the virus. In fact, an updated copy of the virus will be sent, containing the code that will tell Emotet to uninstall itself from the infected computer.
The scheduled date for this second phase of the operation, which is basically like administering the vaccine against Emotet, is April 25, 2021, 12:00 noon. On that day, at that time, we will be able to say that Emotet is finally a virus of the past.