You are unlikely to receive many Christmas Party-related emails this year if you live in a country that is under lockdown or if your entire office is working remotely. Of course, your company could still be planning a festive get-together over Zoom or Skype, so messages about some party are not completely out of the question. That is why it is worth remembering the 'Christmas Party' Email Virus that was flooding inboxes around the world last year. Strictly speaking, a phishing email is not a “virus”; this one was a lure used to spread the infamous Emotet Trojan, and once the attached file was opened and the trojan executed, it could spread itself over the network and send personally addressed phishing emails to the contacts in the address book it stole from the infected computer.
The 'Christmas Party' Email Virus is not the only campaign used to spread the Emotet Trojan. Emotet is one of the most widely distributed infections of recent years, and the cybercriminals behind it rotate through many different lures to spread it. At the end of 2019, researchers found it hidden within bogus “Christmas Party next week” or “Christmas party” emails. These emails pushed the recipients to open an attached file that supposedly contained important information about the upcoming party. Instead of that “important” information, the recipient who opened the attachment executed the Emotet Trojan. It is enough for this malware to infect one computer: it then steals the address book and uses the victim’s own email account to send out the bogus 'Christmas Party' Email Virus to everyone in it. The worst part is that the message arrives from a real person the recipients already know, so they are likely to trust it.
Even if the 'Christmas Party' Email Virus does not succeed in getting the trojan executed on multiple computers, Emotet can still reach the other devices connected to the same network. Therefore, one victim is enough. Emotet can copy and execute itself via network shares, and once those devices are exposed, they can be subjected to all kinds of follow-on infections; banking trojans are what Emotet drops most often. The infection can also break into accounts using brute-force attacks, and it can easily collect passwords and other login data if they are saved in browsers. Needless to say, this can create all kinds of problems. Within a company, a single victim can be the starting point of a mass attack on the entire network. For someone working remotely, it can mean that their only work machine is compromised, and that their good name is used to spread the 'Christmas Party' Email Virus to their colleagues’ inboxes.
According to our research team, once the Emotet trojan slithers in, it is likely to be dropped to the %WINDIR%, %WINDIR%\SysWOW64\, or %WINDIR%\Temp\ directories, although other locations could be used too. Also, by the time you uncover this malware, all kinds of additional threats might have been dropped as well, which is why our research team does not recommend dealing with it manually. In fact, if you are part of a company, you should not deal with this malware alone at all; involve your company’s security or IT team instead. Reliable anti-malware software can uncover and delete 'Christmas Party' Email Virus-related malware components, so if you are working from home, that is the quickest fix. Nonetheless, you still need to check your Sent folder to see what messages have gone out from your account, warn anyone who received them, and change all your passwords. Because Emotet harvests credentials saved in browsers, change those passwords from a device you know is clean, not from the one that was infected.
Will we be seeing a new wave of the 'Christmas Party' Email Virus this year? That is unlikely, but a different version of this phishing attack is likely to hit us when we least expect it. We still have to go through Thanksgiving, Hanukkah, Christmas, Kwanzaa, New Year’s, and other holidays, and who can guess which one of them the cybercriminals behind the Emotet Trojan will choose to exploit next. So, what can you do? Keep your system patched and protected, keep the firewall and anti-malware software switched on, watch out for unexpected emails with attachments (even when they come from known senders, because that is exactly what this campaign relied on), and do not ignore malware if it manages to slither in.
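To make the advice above concrete, here is a small triage script for incoming mail. It is an added example written for this article, not a tool from the original page or from any vendor, and it checks only for the traits the 'Christmas Party' lure actually relied on: a party-themed subject, a file attachment that can carry or launch code, and a sender the recipient already knows. The subject keywords beyond “Christmas party”, the extension list, and the example addresses are assumptions; all sample messages are constructed inside the script rather than captured from a real campaign.

```python
"""Triage .eml messages for the traits of the 'Christmas Party' Emotet lure:
a holiday-party subject, an attached file that can execute code, and a sender
the recipient already knows. Sample messages below are constructed, not real."""
from __future__ import annotations

import email
import email.utils
import os
from email import policy
from email.message import EmailMessage

# "christmas party" is the phrase seen in the 2019 campaign; the other
# fragments are assumptions added so the check covers similar lures.
LURE_SUBJECTS = ("christmas party", "holiday party", "office party", "new year party")

# File types that can carry or launch code when opened. This list is an
# assumption for the example; align it with what your mail gateway blocks.
RISKY_EXTENSIONS = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm",
                    ".zip", ".js", ".vbs", ".exe", ".scr", ".lnk", ".iso"}


def triage(raw: bytes, known_contacts: set[str]) -> dict:
    """Parse one raw RFC 5322 message and return the sender, its attachment
    names, the reasons it was flagged and a verdict: deliver/review/quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    sender = email.utils.parseaddr(msg["From"] or "")[1].lower()
    attachments = [p.get_filename() or "" for p in msg.iter_attachments()]
    risky = [f for f in attachments
             if os.path.splitext(f)[1].lower() in RISKY_EXTENSIONS]

    reasons = []
    lure = any(k in subject for k in LURE_SUBJECTS)
    if lure:
        reasons.append("subject matches a holiday-party lure")
    if risky:
        reasons.append("attachment can execute code: " + ", ".join(risky))
    # A familiar sender is no reassurance: Emotet mails the victim's own
    # contacts from the victim's account, so a match is part of the attack.
    if risky and sender in known_contacts:
        reasons.append("known contact sent a risky file; confirm out of band "
                       "before opening")

    if lure and risky:
        verdict = "quarantine"
    elif lure or risky:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"sender": sender, "attachments": attachments,
            "reasons": reasons, "verdict": verdict}


def build_sample(subject: str, sender: str, attachment: str = "") -> bytes:
    """Construct a sample message (not a real capture) for exercising triage()."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "you@example.com"
    msg["Subject"] = subject
    msg.set_content("Details about the upcoming party are in the attached file.")
    if attachment:
        # Placeholder bytes stand in for the attachment body.
        msg.add_attachment(b"\x00" * 32, maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()


if __name__ == "__main__":
    contacts = {"alice@example.com"}  # assumed address book of the recipient
    samples = [
        build_sample("Christmas Party next week", "Alice <alice@example.com>",
                     "party-details.doc"),
        build_sample("Christmas party", "Alice <alice@example.com>"),
        build_sample("Lunch tomorrow?", "bob@example.com"),
    ]
    for raw in samples:
        result = triage(raw, contacts)
        print(result["verdict"], result["sender"], result["reasons"])
```

The verdict deliberately does not soften when the sender is a known contact; instead the match adds a reason telling the reader to confirm over a phone call or chat before opening anything, because a trusted sender is precisely what this lure counted on. Run it as-is to see the three constructed samples classified, or feed `triage()` the bytes of a real `.eml` file and your own contact list.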