A new Trojan virus is spreading across North America. The infected email will feel very familiar because it picks up an email thread you had with a known contact in the past, so it will seem as though your contact is resuming an old conversation.
This is the Emotet trojan virus.
Delete it. Do not click the attachment. Until AV engineers can write an algorithm to screen this one out, it will get past trust filters because it is hijacking a trusted contact and thread.
Emotet Trojan Virus
Please keep watch for a new variant of the Emotet trojan virus that is spreading rapidly in North America. Please redistribute this blog post to all your staff so that they are aware. Our team at TUCU has distributed this to the assigned technical contact for each organization we serve so they can forward to their direct reports. This is important.
This trojan infects a computer and then hijacks the infected user's email application to look through past sent items and address book entries. It takes the text from those prior sent messages and sends it back to the original sender, using the included text to trick the original sender into believing this is a legitimate message. It also uses that communication history to bypass spam filters.
It will often reference an encrypted zip file as an addendum to the original thread and ask you to open it.
These are very convincing emails because of your past communication with the infected person.
They will also change the sender name to that of yourself, the recipient, or another CC on the message, but it will not have the original sender's actual email address, just their name superimposed on another random email address.
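The two tells described above (a trusted name on an unfamiliar address, plus a zip attachment) can be checked mechanically. The following is an added example, not part of the original post: the address book, names and `.example` domains are constructed, and `check_message` and `build_sample` are hypothetical helper names.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed address book (assumption): display name -> addresses known for that contact.
# It includes the mailbox owner, since the lure may carry the recipient's own name.
KNOWN_CONTACTS = {
    "dana lee": {"dana.lee@partner.example"},
    "sam ortiz": {"sam@ourfirm.example"},
}

def check_message(raw, contacts=KNOWN_CONTACTS):
    """Return warnings for one raw message: spoofed display name, zip attachment."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for name, addr in getaddresses([str(msg.get("From", ""))]):
        known = contacts.get(" ".join(name.lower().split()))
        # A trusted name on an address never seen for that contact is the tell.
        if known is not None and addr.lower() not in known:
            findings.append(f"display name '{name}' on unknown address {addr}")
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(".zip") or part.get_content_type() == "application/zip":
            findings.append(f"zip attachment: {fname or '(unnamed)'}")
    return findings

def build_sample(from_header, with_zip):
    """Constructed sample reply; the attachment bytes are a placeholder, not an archive."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "Sam Ortiz <sam@ourfirm.example>"
    m["Subject"] = "RE: Q3 invoice"
    m.set_content("Please see the attached addendum.\n\n> Earlier thread text quoted here")
    if with_zip:
        m.add_attachment(b"PK placeholder", maintype="application",
                         subtype="zip", filename="addendum.zip")
    return m.as_string()

if __name__ == "__main__":
    for sender, has_zip in [("Dana Lee <billing@random-host.example>", True),
                            ("Dana Lee <dana.lee@partner.example>", False)]:
        print(sender, "->", check_message(build_sample(sender, has_zip)))
```

The name match here is exact after lowercasing and whitespace normalization, so a real deployment would need to tolerate spelling variants and contacts with several legitimate addresses.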
Once someone is infected with this trojan, their address book and messages are uploaded to a command and control center, which continues sending out messages with your own text included even after the trojan is removed from the infected computer.
If you receive one of these messages, it is best to delete it immediately. Do not open the attached zip file or follow any links in the message.
You may wish to inform the person whose name is on the superimposed fake address that they are infected. However, do not do so by replying to the message; instead, compose a new message to inform them. Replying to the infected message will only reply to the fake email address and not the truly infected person.
Please reach out to your IT support services company if this is at all unclear or if you’ve started seeing these emails.
Especially important is to let your IT professionals know if you’ve opened the attachment or followed any links.
Updating Your Cyber Security
Times have changed. Today, the internet and our inboxes are crowded with cyber threats. For a solopreneur or a new small business, the startup budget may not cover a full cyber security solution. That’s why it’s smart to get started on the road to security with a basic computer patching service, or, if budget and business growth allow, explore comprehensive IT security for your SMB.
Our team at TUCU, a Toronto IT Support Company serving people across Ontario, can help. Talk to us about startup or small business IT security and management services. We’re here to help you secure and protect your business.