December 5, 2019
Digital Arts Inc.
Releasing Analytical Data of Destructive "Emotet" Malware
Latest versions of i-FILTER and m-FILTER can detect the threat
Information security solution provider Digital Arts Inc. (headquartered in Chiyoda-ku, Tokyo, Japan, CEO: Toshio Dogu, hereinafter referred to as "Digital Arts," Code 2326) has released analytical data on e-mails and URLs potentially infected by the "Emotet" malware, recently discovered on or around December 3, 2019.
The Emotet malware has evolved and re-appeared several times since it was first identified in 2014. In September 2019, we confirmed several cases where the malware was downloaded and activated via a fraudulent website [1]. On or around December 3rd this year, the malware changed its attack approach and has been aggressively spreading infections in Japan. In light of these events, the IPA and JPCERT have issued an alert [2].
One cause of the increasing damage is that Emotet has become so ingenious that the recipient can be easily tricked by the infected e-mail, which contains the name, e-mail address, and e-mail content of a person with whom the recipient has interacted before. Some e-mails appear to be genuine replies, and many users are prone to open them in the course of their jobs, as the e-mails are difficult for most to judge at a glance.
The web security product i-FILTER Ver. 10 and the e-mail security product m-FILTER Ver. 5 can detect the Emotet malware. Both work to protect their users from receiving or opening infected URLs.
At Digital Arts, we have analyzed access logs to ascertain information such as malicious e-mail subjects, attached files, and URLs, and we are now sharing this information through our corporate website. Early to mid-December, which coincides with the Christmas and New Year's season, is when this series of attacks is observed every year; therefore, we will continue to issue alerts to raise awareness going forward.
Analysis of "Emotet" malware
The following is available on our corporate website (in Japanese only).
Page: Cyber risk information service D-Alert
- E-mail subjects
- Attached file names
- Attached file HASH values
- Process for handling
- Infection process
- URLs accessed during macro run time
- How our company's products handle the malware
How our company's products handle the Emotet malware
i-FILTER and m-FILTER are capable of blocking this new malware threat.
Functionalities and Features of the Web Security Product i-FILTER Ver.10
A safe web environment is achieved through a whitelist database that allows access to safe, pre-approved web content.
- The whitelist database covers all searchable websites in Japan and grants access only to sites confirmed to be safe, while blocking any unsafe or unknown URLs.
- Websites needed for work can be pre-registered in the whitelist, and access can be allowed or denied through filtering set up according to the organization's rules.
- No extra maintenance of the URL list is required, so customers do not need to spend extra time or effort on security.
Features that block Emotet
Whitelist database and download filter feature
Two main features together block the spread of malware: 1. Preventing access to unknown and potentially harmful URLs based on the whitelist database and 2. Preventing download of the malware from falsified websites based on the download filter feature.
E-mail security product m-FILTER Ver. 5 features
- Combines a list of IP addresses and e-mail domains to ensure that only e-mails from those deemed to be safe can be received.
- Detects and quarantines e-mails with disguised sender information, disguised attachments, disguised body text, etc.
- Can delete attached files, disable links, and render e-mails harmless, making m-FILTER Ver. 5 ideal for isolated network environments.
Features that block Emotet
Whitelist database and function to detect disguised attached files
Two main features combine to block the spread of malware: 1. A whitelist database that analyzes the sending domain, and 2. A function to analyze macros embedded in the attached files.
Digital Arts is committed to providing safety and peace of mind to an internet-centered society. Therefore, we aim to accelerate and extend the development of defense solutions to counter the ever-increasing threat of targeted attacks and data leaks in the areas of web, e-mail, files and others.
- [1] See our security report for more details (in Japanese):
- [2] See the following from the IPA regarding e-mails that aim to infect recipients with the virus called "Emotet" (in Japanese):
See the following for warnings from JPCERT regarding the Emotet malware:
- About i-FILTER Ver. 10 × m-FILTER Ver. 5