Emotet malware has been a serious threat to Windows PCs for years, not least because it is constantly being modified. The virus currently comes as a Word update. One careless click can lead to disaster.
The Emotet computer parasite has been around for over five years and is now more dangerous than ever. Emotet itself and the malicious modules it downloads are under continual development, and the tricks its creators use to outsmart the user are constantly changing as well.
Since Emotet is a macro virus, it usually needs active help from the user. A macro virus hides in manipulated Word documents and uses various automation features of MS Office. For security reasons, however, macro execution is often disabled, so Emotet must convince the user to allow such macros again.
Malware opens a misleading window
Recently, Emotet presented itself as a Word update, reports the IT portal “BleepingComputer”:
(Source: Screenshot / BleepingComputer)
After the victim clicks on the malicious Word document, a realistic-looking window pops up with the following message:
“Update your edition of Microsoft Word.
Upgrading your edition will add new features to Microsoft Word.
Click Enable Editing and then Enable Content.”
So a new version of Word and new functions are promised. To get the update, you have to click on two buttons. But while this window is a scam, the two buttons are real. They actually belong to Word and are displayed because the program recognized a macro in the document.
Anyone who sees the window should immediately close Word
With the first click, the user takes the critical document out of secure reading mode. With the second, the user allows the document to execute the macro commands contained in it. This gives the virus free rein to spread to the recipient’s contacts and to download other malware modules which, for example, spy on the computer for access data, or encrypt it and demand a ransom for unlocking.
So if you see this prompt on your computer, you should quickly close the document and Word and delete the email it came from.