Dismantled by Europol
Good news in the world of computer systems: the malware
that has been infecting machines since 2014 has been dismantled. The case is
the result of collaboration between a dozen countries: Ukraine, Canada,
Lithuania, the Netherlands, Germany, the United Kingdom, the United States and
France.
Details of the facts
Europol, the European criminal police agency, in
collaboration with Eurojust, the European Union's judicial cooperation
agency, put an end to the harm caused by Emotet after a two-year
operation. Europol is responsible for managing the investigations carried out
by law enforcement agencies in the 10 countries that helped eliminate the
malware. From now on, all infected computers will be redirected to an infrastructure
controlled by Europol. Agents modified the malware so that infected computers
connect to servers they control. In addition, the German police stated
that the IP addresses of infected computers are transmitted to the BSI (Nassir),
which disinfects the devices. Such a system is not yet available in France.
During the dismantling process, 17 servers in different
countries such as Ukraine, Lithuania or the Netherlands were confiscated. The
officers also confiscated computer equipment and money. They arrested two
people responsible for spreading the malware and keeping its
infrastructure running. In view of the charges brought against them, they are sentenced
to 12 years in prison.
Presentation of Emotet
As a reminder, Emotet is a very dangerous piece of malware that spread
to millions of computers through phishing emails. Initially, it
was a banking Trojan used to steal banking
information. These emails contained booby-trapped links and attachments in Word format,
which intrigued the internet users who fell for them. The files took the form of a press
release on the health crisis, a package dispatch notification or an invoice.
Hackers used thread hijacking to insert malicious emails into old email
conversations.
Once Emotet is installed, phishing and spam campaigns are
launched. The operators of this malware sold access to the compromised computer systems to
other cybercriminals. This in turn enabled other illegal activities such as
ransomware extortion or data theft. The cybercriminals hid under different
identities: Ivan, Mealybug, Mummy Spider or TA542. There are many victims of this
malware, including Bouygues Construction, the Ministry of the Interior, lawyers
and judges from the Paris Court, not to mention many French organizations.
Aside from Emotet, another piece of malware has already been
dismantled: the TrickBot botnet, which resells email access to other
malicious groups. In the Retadup case, the French gendarmerie
carried out the operation. It took control and modified the software on the
infected computers. No arrests were made during this dismantling. This could
cause the malware to reappear under a different name, as in the case of the
Kolkhoz botnet.