By sending a timed DLL bomb to all infected computers, European police have rendered the Emotet botnet harmless.
Timed DLL bomb blew up the botnet
The code was distributed at the end of January to Emotet-infected computers through the malware's own infrastructure, which had previously been seized in a multinational police operation. The bomb was set to detonate on Sunday, April 25, when it caused the software to destroy itself.
In the last seven years, Emotet has infected more than a million computers worldwide, but now the "world's most dangerous botnet" has been rendered harmless after causing damage worth NOK 15-20 billion. Malware tracking site Abuse.ch and Malwarebytes have confirmed that the Emotet installation has removed itself. Emotet has dominated the cyber threat landscape for several years and the removal represents a significant symbolic and strategic victory.
The international team that took down Emotet was led by Dutch and German investigators.
Possibly illegal police work
The method used by the police may be illegal, because the users never consented to receiving the DLL file. The probability of anyone being prosecuted is nonetheless considered extremely small, especially since Emotet has caused billions in damage.
The US FBI conducted a similar operation to clean up infected Exchange servers, so the procedure is probably here to stay.