Cybersecurity experts from Microsoft, ESET, Lumen, Palo Alto Networks and other companies have teamed up to disrupt a major malware distribution botnet.
In a blog post, the Microsoft 365 Defender Threat Intelligence team said the group successfully disrupted the ZLoader malware, which is used around the world to launch ransomware and similar cyberattacks.
After obtaining a court order, the company seized 65 command-and-control (C2) domains that the ZLoader Group used in its operations.
Blocking future registrations
“Domains are now directed to a Microsoft sinkhole where they can no longer be used by criminal botnet operators. Zloader contains a domain generation algorithm (DGA) built into the malware that creates additional domains as a back-up or back-up communication channel for the botnet,” Microsoft explained.
“In addition to hard-coded domains, the court order allows us to take control of 319 additional DGA domains currently registered. We are also working to block future registration of DGA domains.”
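As an added example (not code from the article, from Microsoft, or from any of the named companies), here is a small Python heuristic a defender could run over DNS resolver logs to spot the footprint that a DGA backup channel like the one described above leaves behind: a single client producing a burst of NXDOMAIN responses for long, high-entropy domain names. The log line format, the thresholds and the sample lines are all constructed assumptions, and the scoring is a generic DGA heuristic, not ZLoader's actual algorithm.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample resolver log lines (assumed format:
# "<timestamp> <client_ip> <qname> <rcode>"); not real ZLoader traffic.
SAMPLE_LOG = """\
2022-04-13T10:00:01 10.0.0.5 www.microsoft.com NOERROR
2022-04-13T10:00:02 10.0.0.5 mail.example.org NOERROR
2022-04-13T10:00:03 10.0.0.9 kq3xzv8trplmwd.com NXDOMAIN
2022-04-13T10:00:03 10.0.0.9 zp1vn7qxhbtr9l.net NXDOMAIN
2022-04-13T10:00:04 10.0.0.9 ydm8ctwqlkvz4n.org NXDOMAIN
2022-04-13T10:00:05 10.0.0.9 rwx5plnkzqhg7v.com NXDOMAIN
2022-04-13T10:00:06 10.0.0.9 cdn.example.net NOERROR
2022-04-13T10:00:07 10.0.0.7 api.example.com NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN)$")


def entropy(s: str) -> float:
    """Shannon entropy of a string in bits (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def second_level_label(qname: str) -> str:
    """Return the label just left of the TLD, e.g. 'example' for 'a.example.org'."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_generated(qname: str, min_len: int = 10, min_entropy: float = 3.2) -> bool:
    """Heuristic: generated labels tend to be long, high-entropy and vowel-poor.
    Thresholds are assumptions chosen for this example."""
    label = second_level_label(qname).lower()
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    return entropy(label) >= min_entropy and vowel_ratio < 0.3


def flag_hosts(log_text: str, threshold: int = 3) -> dict:
    """Map client IP -> DGA-looking names that got NXDOMAIN, keeping only
    clients that reach `threshold` such failures (a burst, not a typo)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, client, qname, rcode = m.groups()
        if rcode == "NXDOMAIN" and looks_generated(qname):
            hits[client].append(qname)
    return {c: names for c, names in hits.items() if len(names) >= threshold}
```

Once the hard-coded and registered DGA domains are sinkholed, the remaining unregistered ones show up exactly as this kind of NXDOMAIN burst, which is why the pattern is worth alerting on.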
The bad news is that this is probably only a temporary disruption, as ZLoader is known to be notably persistent malware.
When it first emerged about three years ago, ZLoader was a banking Trojan, giving its operators the ability to steal login credentials and other data needed to access banking services from the compromised machine. It was also capable of disabling popular anti-virus software, allowing it to remain on devices much longer than other Trojans of the time.
Soon after, its creators began offering it as a service, with ransomware operators becoming the most common customers. In its report, Forbes recalls that it was the infamous Ryuk ransomware that used ZLoader’s infrastructure to launch attacks that caused tens of millions of dollars in damage.
Microsoft also said that a certain Denis Malikov, from Crimea, was one of the creators of ZLoader.
“We have chosen to name one individual in this case to make it clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes,” Microsoft said, as quoted by Forbes.