Microsoft dismantled the ZLoader botnet, naming key members as a deterrent
Microsoft has taken technical and legal measures to damage the activities of cybercriminals using ZLoader as a malicious service.
More interestingly, Microsoft also decided to publicize the identity of one of the criminals who contributed to the ZLoader ransomware distribution function. The person in question is Denis Malikov who lives in Simferopol, Crimea.
Microsoft believes that revealing the identities of cybercriminals serves as a deterrent to the rest. Microsoft wants cybercriminals to know that they can't hide their identities forever, can't hide forever behind digital masks.
Microsoft has also obtained court approval to control 65 domains that the hacker group is using to develop their botnet. The ZLoader botnet typically includes infected computers from hospitals, schools, homes, and businesses around the globe.
Controlled domains will redirect to a Microsoft website so that users are no longer at risk. Zloader contains a domain generation algorithm (DGA) for the purpose of generating additional domains as a backup or backup communication channel for the botnet. Therefore, in addition to the fixed domain names, Microsoft is also allowed to control 319 registered DGA domains. Microsoft is working hard to block future DGA domain name registrations.
Initially, the purpose of ZLoader was to steal money and login information. Now, they also sell malicious code as a service to distribute ransomware like Ryuk.
Microsoft also thanks the coordination and support of other companies such as ESET, Black Lotus Labs, Palo Alto Networks Unit 42, Avast.
Microsoft notes that the takedown will bring ZLoader down for a long time, but they will certainly try to revive the botnet. Microsoft will closely monitor the activities of this gang and take additional preventive measures if necessary.
You should read it
- Microsoft's source code signature control system is easily bypassed by Zloader malware
- How the botnet works
- Microsoft has just taken down a huge botnet network
- What is a botnet, who does it use to attack, and how can you prevent botnet?
- What is botnet DDoS?
- Microsoft has just taken down the world's largest botnet
- GoldBrute botnet campaign is trying to hack 1.5 million RDP servers worldwide
- The US warned about DealtaCharlie - DDoS botnet malware from Korea
- The rise of Botnet IoT and how to protect smart devices
- Botnet Echobot spreads across a wide range, specifically targeting Oracle and VMware applications
- The Gupteba botnet that infected 1 million Windows computers has just been taken down by Google
- WireX DDoS Botnet: tens of thousands of Android phones are hacked
Maybe you are interested
Here's everything Microsoft knows about your PC!
How to enable Extension Performance Detector in Microsoft Edge
Microsoft: TPM 2.0 in Windows 11 is mandatory and 'non-negotiable'
New Microsoft 365 Attack Can Break 2FA
Microsoft still recommends 15-year-old backup solution for Windows 11 and 10 users
How to disable custom scroll bars on Microsoft Edge