A researcher developed a killswitch exploiting a buffer overflow in Emotet – preventing the malware from infecting systems for six months.

A researcher was able to exploit a vulnerability in Emotet – effectively causing the infamous malware to crash and preventing it from infecting systems for six months.

Emotet, which first emerged in 2014 and has since evolved into a full-fledged botnet designed to steal account credentials and download further malware, mysteriously disappeared from February until its recent re-emergence in early August.

On Friday, James Quinn with Binary Defense revealed why: he had developed a killswitch earlier this year, dubbed “EmoCrash,” that exploited a buffer overflow vulnerability found in Emotet’s installation process.

He’s not the only one looking to thwart Emotet: The news comes shortly after researchers discovered that a mysterious vigilante was fighting the threat actors behind the malware’s comeback by replacing malicious Emotet payloads with whimsical GIFs and memes.

A killswitch is often used by defenders to disconnect networks from the internet during cyberattacks – but it can also be turned against a malware family as a way to remove it from systems and stop any of its processes that are running.
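To make the idea behind such a killswitch concrete, the following C program is an added illustration written for this page; it is not Binary Defense's EmoCrash code and does not reproduce any Emotet internals. It models a generic installer routine that reads a value back from persistent storage (a registry value in the Emotet case, an in-memory stand-in here) and copies it into a fixed-size buffer while trusting the stored length. A defender who plants an oversized value makes the copy overrun into adjacent state, which a real process would experience as a crash; the `guard` field and the 32-byte buffer size are assumptions chosen so the overrun can be observed deterministically without undefined behaviour, and the bounded variant shows the one-line check that would have closed the bug.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical installer state: a fixed-size value buffer followed by data
 * the installer needs intact. The sizes are illustrative, not Emotet's. */
#define VALUE_BUF_SIZE 32
#define GUARD_OK 0xDEADBEEFu

struct installer_state {
    uint8_t value[VALUE_BUF_SIZE];
    uint32_t guard;   /* stands in for whatever lives after the buffer */
};

/* Vulnerable routine: copies `len` bytes because it assumes it alone ever
 * wrote the stored value. The copy is clamped to sizeof(struct) only so the
 * simulation stays defined; a real overflow keeps writing past the object.
 * Returns 0 on success, -1 when adjacent state was clobbered (a "crash"). */
int install_vulnerable(const uint8_t *stored, size_t len) {
    struct installer_state st;
    memset(&st, 0, sizeof st);
    st.guard = GUARD_OK;
    size_t n = len < sizeof st ? len : sizeof st;
    memcpy(&st, stored, n);           /* BUG: no check against VALUE_BUF_SIZE */
    return st.guard == GUARD_OK ? 0 : -1;
}

/* Hardened routine: refuses anything longer than the buffer.
 * Returns 0 on success, -2 when the stored value is rejected. */
int install_fixed(const uint8_t *stored, size_t len) {
    struct installer_state st;
    memset(&st, 0, sizeof st);
    st.guard = GUARD_OK;
    if (len > VALUE_BUF_SIZE)
        return -2;                    /* oversized value: bail out cleanly */
    memcpy(st.value, stored, len);
    return st.guard == GUARD_OK ? 0 : -1;
}

/* Defender side: build a killswitch value longer than the buffer so that the
 * vulnerable copy overruns. Fills `out` with 'A' bytes; returns the length. */
size_t make_killswitch_value(uint8_t *out, size_t cap) {
    size_t want = VALUE_BUF_SIZE + 8;
    size_t n = want < cap ? want : cap;
    memset(out, 'A', n);
    return n;
}

int main(void) {
    /* Constructed sample: a legitimate 16-byte value the installer wrote. */
    const uint8_t legit[16] = { 0x7f, 0x01, 0x2a, 0x9c, 0x10, 0x00, 0x5e, 0xe3,
                                0x44, 0x81, 0x0b, 0xf2, 0x33, 0x6d, 0xc7, 0x19 };
    uint8_t planted[64];
    size_t planted_len = make_killswitch_value(planted, sizeof planted);

    printf("legit value, vulnerable installer : %d\n",
           install_vulnerable(legit, sizeof legit));          /* 0  */
    printf("planted value, vulnerable installer: %d\n",
           install_vulnerable(planted, planted_len));        /* -1 */
    printf("planted value, fixed installer     : %d\n",
           install_fixed(planted, planted_len));             /* -2 */
    return 0;
}
```

The guard field plays the role a compiler stack protector or a corrupted pointer plays in a real process: once the copy runs past the buffer, the state the routine relies on is gone and execution cannot continue safely. That asymmetry is what makes a planted value work as a killswitch: the defender only has to write a value the malware's own installer cannot survive reading back.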

“Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware,” said Quinn in a recent post.

'EmoCrash' Exploit Stoppered Emotet For 6 Months