Today, an action by international investigative services has removed the infamous Emotet malware from more than one million infected computers worldwide. In January, the Dutch police and foreign investigation services managed to take over the Emotet network. Two of the three main servers that run the Emotet botnet were located in the Netherlands and fell into the hands of the Dutch police.
"A software update is placed on the Dutch central servers for all infected computer systems. All infected computer systems automatically retrieve the update there, after which the Emotet infection is placed in quarantine", the Public Prosecution Service and the Dutch police said in the announcement. know about the operation.
In addition to the Dutch police, the German police also had an update deployed that caused the malware to be removed automatically today. The removal only concerns the registry key and service with which Emotet was started on infected computers. Other malware installed via Emotet can still be active on infected machines.
"Deploying code through a botnet, even with the right intentions, has always been a tricky topic because of the legal ramifications of such actions," said security researcher Jerome Segura of anti-malware firm Malwarebytes. Although the Emotet botnet was shut down in January, it was decided not to remove the malware until today to give administrators enough time to investigate infected computers.