advertisement

Cybersecurity EXPERTS from Microsoft, ESET, Lumen, Palo Alto Networks, and other companies, have teamed up to disrupt a major malware distribution botnet. 

In a blog post, Microsoft 365 Defender Threat Intelligence Team said the group managed to disrupt the ZLoader malware, used all over the globe to launch ransomware and similar cyberattacks.

After obtaining a court order, the company seized 65 command-and-control (C2) domains that the ZLoader group used in its activities. 

advertisement

“The domains are now directed to a Microsoft sinkhole where they can no longer be used by the botnet’s criminal operators. Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet,” Microsoft explained.

“In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are also working to block the future registration of DGA domains.”

The bad news is that this is, most likely, just a temporary disruption, as ZLoader is known as a mighty persistent malware.  

When it first emerged, some three years ago, ZLoader was a banking trojan, giving its operators the ability to steal login credentials and other data needed to access banking services on the compromised endpoint. It was also capable of disabling popular antivirus software, remaining on devices for much longer than other trojans, at the time. 

Soon after, its creators started offering it as a service, with ransomware operators becoming the most common clients. In its report, Forbes reminds that it was the infamous Ryuk ransomware that utilized ZLoader’s infrastructure to launch attacks that resulted in tens of millions of dollars in damages. 

Microsoft also said that one Denis Malikov, from Crimea, was one of the ZLoader’s creators. 

“We chose to name an individual in connection with this case to make clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes,” Forbes cited Microsoft saying.