Renewed emergence of emails with 'emotet' Trojans

We are currently receiving a number of emails that look like a reply to correspondence that has actually taken place. This was probably intercepted by the 'emotet' Trojan in May this year. The emails ask you to click on a link.

In general, links in (unsigned) e-mails always represent a security risk, as you cannot be sure who actually sent the e-mail. Please be particularly critical if you are not expecting an e-mail or if it refers to old correspondence (note: you cannot tell whether the correspondence is old by the date, as this has been "adjusted" in the examples provided).

Note for users: If you have clicked on the link, an MS Doc file will be downloaded, which can activate a Trojan via a macro. If the doc file was called up, "activate edit" was clicked and there was no error message stating that macros must not be executed, then your system is infected and must be switched off immediately. Please report this incident to antivirus(at)rhrk.uni-kl.de. The system must not be put back into operation and must be reinstalled.

Note for administrators: Since October, the regulation has been in force that macros in MS Office applications can only be executed if these macros are signed (see: https://www.rhrk.uni-kl.de/startseite/details/news/digitale-signatur-fuer-makros-in-office-anwendungen/ ). The RHRK ensures this for Windows PCs registered in the central Active Directory (AD). For all other Windows systems, the respective administrators are responsible for enforcing this regulation.

With best regards,

Bernd Reuther