Microsoft dismantled the ZLoader bot network

Microsoft's Digital Crimes Unit (DCU) has seized dozens of domains that the notorious ZLoader botnet used as command-and-control (C2) servers.

A court order obtained by Microsoft allowed the company to take over 65 hardcoded domains that the ZLoader group used to control its botnets, along with another 319 domains registered through the malware's domain generation algorithm (DGA), which it uses to create backup communication channels.

Microsoft said its researchers have identified one of the criminals behind the ZLoader botnet component used to distribute ransomware: Denis Malikov, who lives in Simferopol on the Crimean peninsula.

“We have decided to name a person in connection with this case in order to make it clear that cybercriminals will not be allowed to hide behind the anonymity of the Internet to commit their crimes,” said Amy Hogan-Burney, DCU director.

ESET, Black Lotus Labs, Palo Alto Networks Unit 42 and Avast also took part in the Microsoft-led investigation.

ZLoader, also known as Terdot and DELoader, is a widely known banking Trojan first spotted in August 2015, when it was used in attacks on clients of several British banks. ZLoader can take screenshots, collect cookies, and steal passwords and bank account information; it can also be used for reconnaissance, for disabling legitimate security tools, and for providing remote access to attackers. ZLoader is almost entirely based on the source code of the Zeus v2 Trojan, which leaked more than a decade ago.

The malware has been used to attack banks around the world, with the ultimate goal of collecting financial data. ZLoader can also function as a backdoor, providing remote access to attackers, and can be used to load other malware onto infected devices.

It has recently been used to distribute ransomware such as Ryuk, Egregor, DarkSide and BlackMatter.



Source: Informacija.rs by www.informacija.rs.