FBI Shared 4 Million Emotet Email Addresses with Have I Been Pwned

by Emma Davis
April 28, 2021
4 million Emotet email addresses
Written by Emma Davis

The FBI and Dutch Cyber Police have shared 4 million email addresses used by Emotet with the well-known leak aggregator Have I Been Pwned.

In January of this year, Europol, the FBI and law enforcement agencies around the world, including Canada, the Netherlands, France, Germany, Lithuania, the United Kingdom and Ukraine, conducted a large-scale coordinated operation to eliminate the Emotet botnet, preparations for which lasted two years.

Law enforcers managed to seize control of the Emotet infrastructure, therefore disrupting its work. As a result, the criminals were no longer able to use the hacked machines, and the malware stopped spreading to new targets.the media reported.

When the Emotet C&C servers were taken over by the German Federal Criminal Police Office (Bundeskriminalamt), it was used to deploy a special update to all infected hosts.

An update for Emotet, created by Bundeskriminalamt specialists, was distributed to all infected systems in the form of a 32-bit file EmotetLoader.dll. It contained a “time bomb”, the mechanism that led to the removal of Emotet from all infected machines on April 25, 2021 at 12:00 local time.

However, in addition to user computers, Emotet also hacked into a large number of mailboxes, and then used them for its operations. In this regard, representatives of the FBI decided to provide users with the opportunity to check whether they have suffered from Emotet.

To doing this, experts from the FBI and the Dutch National Unit for the Fight against Serious Technical Crimes shared with the well-known leak aggregator Have I Been Pwned 4,324,770 the email addresses that the Emotet used.

Only 39% of these email addresses have already been indexed by his service, that is, they have previously entered the network as a result of data leaks. Troy Hunt said, creator and head of HIBP.

The addresses provided by HIBP belong to users from a wide variety of countries, but they are not available for simple searches. For privacy reasons, only subscribers of the service affected by Emotet are already warned of frequent compromises. That is, people will either have to confirm control of the address through the HIBP notification service, or search the domain to see if they were compromised.

Let me remind you that a similar service was launched by Dutch law enforcement officers at the beginning of the year. Apparently, in this country a database of stolen email addresses, usernames and passwords was found, and anyone now can check if they were hacked by Emotet simply by visiting the website of the Netherlands police.

Another service Have I Been Emotet was launched last fall by experts from TG Soft. It checks if Emotet has used a specific email address as sender or recipient in its malicious campaigns. However, this service was last updated before the botnet was eliminated.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

View all posts

Leave a Reply

Sending