Emotet uses parked domains to distribute payloads

Emotet uses parked domains
Written by Emma Davis

Domain owners often park them and use the services of special providers to monetize domains through ad networks while they are not used for their intended purpose. Recently, cybersecurity experts found out that attackers, for example, Emotet malware operators, use parked domains.

Setting up a parking service is simple and only requires domain owners to point their name server (NS) records to the parking service. In turn, parking services will either provide visitors with a list of advertisements or automatically redirect users to advertisers’ web pages.

While domain parking might appear harmless at first glance, parked domains pose significant threats, as they can redirect visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time.written by experts from Palo Alto Networks.

Palo Alto Networks experts say that from March to September 2020, they discovered about 5,000,000 new parked domains, and about 1% of them are used by hackers to spread malware and within phishing campaigns; about 2.6% are now associated with adult content or gambling, and another 30.6% are suspicious.

Oftentimes, parking services, and ad networks don’t have the means or the will to filter out intruders. Therefore, users are exposed to various threats, including the distribution of malware, potentially unwanted software, and phishing scams.write Palo Alto Networks analysts.

Such attacks target victims from all over the world, including the United States, Britain, France, Japan, Korea, and Italy.

Emotet botnet operators also use parked domains. Their campaign targets many different industries, from government and education to energy, manufacturing, construction, and telecommunications.

For example, one of the domains used in the attacks, valleymedicalandsurgicalclinic[.]com, was registered on July 8, 2020, and was parked immediately.

Emotet uses parked domains

Starting on September 14, just two months after registration, this domain became malicious and began spreading various malware. Among other things, it was used to distribute Emotet payloads through phishing emails, which ultimately led to the theft of accounts and complete takeover of infected devices.

The documents that are attached to phishing emails contain scripts-macros that communicate with the control servers from the victim’s machines. Emotet downloads Trojans on the affected devices that steal the victim’s credentials and completely compromise the system.write the experts.

Let me also another time warn thar Emotet Trojan Returns in Spam Attacks Dropping Qbot TrickBot.

User Review
3 (1 vote)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply


This site uses Akismet to reduce spam. Learn how your comment data is processed.