Skip to main content

Microsoft OneNote files used to distribute emotet malware

JMeixner
Forum|alt.badge.img+17
  • JMeixner
  • On the path to Greatness
  • 2650 comments

A new email campaign to distribute the emotet malware has been started.

Microsoft blocks macros in Office files now, so this is not an effective way to infect many users anymore.

Because of this OneNote files are attached to the mails now…

OneNote files may have design elements in a document which overlay attached files in this document. The elements are designed to make the user double-click on the design element to execute the hidden file.

The attached file is a VBscript file which downloads a DLL from a compromized site.

It is not clear at this time which workloads are exactly loaded and deployed.

 

So, be careful when receiving mails with attached OneNote files….

 

Read the whole article with more information here:

https://www.bleepingcomputer.com/news/security/emotet-malware-now-distributed-in-microsoft-onenote-files-to-evade-defenses/

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
Rick Vanover
Chris.Childerhose
coolsport00
19 people like this
  • Rick Vanover
    Rick Vanover
  • Chris.Childerhose
    Chris.Childerhose
  • coolsport00
    coolsport00
  • marco_s
    marco_s
  • BertrandFR
    BertrandFR
  • SSimpson
    SSimpson
  • TeckSzeTay
    TeckSzeTay
  • AndrePulia
    AndrePulia
  • Iams3le
    Iams3le
  • Jean.peres.bkp
    Jean.peres.bkp
  • J
    Jens Ahlreep
  • A
    Alexander Driess
  • Madi.Cristil
    Madi.Cristil
  • A
    Aaron Kastl
  • G
    grauer
  • PeteSteven
    PeteSteven
  • A
    Abijim
  • L
    lukasluke
  • C
    Chrissawi

4 comments

Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8512 comments
  • March 19, 2023

Yikes now via OneNote what won't they try. Thanks for the heads up.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
wolff.mateus
1 person likes this
  • wolff.mateus
    wolff.mateus
marco_s
Forum|alt.badge.img+8
  • marco_s
  • Influencer
  • 371 comments
  • March 20, 2023

Never relaxed.. :(

 

Thanks for sharing Joe!

Marco Sorrentino - Italy | System Engineer | VMCE & VMCA
Chris.Childerhose
wolff.mateus
2 people like this
  • Chris.Childerhose
    Chris.Childerhose
  • wolff.mateus
    wolff.mateus
jc.grellet
Forum|alt.badge.img
  • jc.grellet
  • New Here
  • 5 comments
  • March 20, 2023

Sharing information is the best defense.

Thanks

VCP-DCV | MCSE | MCITP | DCIE
Chris.Childerhose
1 person likes this
  • Chris.Childerhose
    Chris.Childerhose
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8512 comments
  • March 20, 2023
jc.grellet wrote:

Sharing information is the best defense.

Thanks

Absolutely and why this community is so great.  Everything is not just Veeam.  😉

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
jc.grellet
1 person likes this
  • jc.grellet
    jc.grellet

Comment


Terms & Conditions