Microsoft disrupts Zloader botnet

A US court has given Microsoft permission to disrupt the Zloader criminal botnet. The company then took control of 65 domain names that the group behind the botnet used to communicate with infected machines. The operators are expected to try to revive Zloader in the near future.

Microsoft’s Digital Crimes Unit (DCU) announced the action in a blog post.

This is what you need to know about Zloader

Zloader is malware used to steal usernames, passwords and other sensitive and financial information from infected computers. With this data, its operators tried to steal money from unsuspecting victims. Zloader also included components that disable popular antivirus programs, so that victims did not notice their computer was infected. The network of infected computers, known as a botnet, kept growing.

In recent years, Zloader’s operators have also rented out the botnet as a distribution channel for other malware. The operators of the infamous Ryuk ransomware used this service. Ryuk has hit several hospitals and other healthcare facilities in the recent past, encrypting medical records and other patient data so that doctors could no longer access it. The hospitals received the decryption key only after paying a ransom.

Microsoft hijacks dozens of domains from Zloader

In short, Zloader is dangerous malware that has infected millions of computers belonging to businesses, healthcare providers, schools and individuals around the world, which is why the botnet is described as a worldwide network. For that reason, Microsoft’s Digital Crimes Unit (DCU) keeps a close eye on it.

This week, the American company dealt a major blow to the Zloader botnet. A court granted Microsoft permission to take control of 65 domain names used by the group behind Zloader. With those domains seized, the operators are cut off from the infected machines that report to them through that infrastructure.

Zloader contained a so-called domain generation algorithm (DGA). That is a routine built into the malware that derives new domain names on a schedule, typically from a seed such as the current date, so that infected machines can still find a command-and-control server if the hard-coded domains are taken down. Because the algorithm is deterministic, anyone who knows it can compute the same names in advance. In addition to the 65 domains, the judge therefore also gave permission to take over another 319 registered DGA domains, and Microsoft says it is working to block future registration of DGA domains as well.
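To make the DGA idea concrete, the following is an added illustration, not code from the original article and not Zloader’s actual algorithm: a hypothetical date-seeded generator, plus the two things a takedown team does with such an algorithm once it has been reverse-engineered, namely precomputing the candidate names for a window of days (so they can be registered or blocked first) and checking whether a domain seen in DNS logs belongs to that set. The seed, the TLD and the hashing scheme are made-up constants chosen for the example.

```python
import hashlib
from datetime import date, timedelta

# Hypothetical DGA for illustration only: NOT Zloader's algorithm.
# The seed and TLD below are invented constants; ".example" is a reserved
# TLD, so nothing generated here can resolve on the real internet.
SEED = b"illustrative-dga-seed"
TLD = ".example"


def generate_domains(day: date, count: int = 4) -> list:
    """Derive `count` candidate C2 domains for one calendar day.

    Each name is the first 12 hex characters of SHA-256(seed || date || index).
    Both the bot and its operator can compute the same list offline, which is
    the whole point of a DGA: no list of domains has to be shipped in advance.
    """
    domains = []
    for i in range(count):
        material = SEED + day.isoformat().encode() + i.to_bytes(2, "big")
        digest = hashlib.sha256(material).hexdigest()
        domains.append(digest[:12] + TLD)
    return domains


def candidates_for_range(start: date, days: int, count: int = 4) -> set:
    """Precompute every candidate name over a window of `days` days.

    This is what a defender does once the algorithm is known: the resulting
    set can be handed to registrars (block registration), sinkholed, or
    loaded into DNS filtering before the operators get to use the names.
    """
    names = set()
    for offset in range(days):
        names.update(generate_domains(start + timedelta(days=offset), count))
    return names


def matches_dga(domain: str, start: date, days: int, count: int = 4) -> bool:
    """Return True if `domain` is one the DGA would produce in the window.

    Useful for triaging DNS logs: a query for a DGA-generated name from an
    internal host is a strong indicator of infection.
    """
    return domain.strip().lower().rstrip(".") in candidates_for_range(start, days, count)


if __name__ == "__main__":
    # Constructed input: a window starting on an arbitrary date.
    window_start = date(2022, 4, 1)
    window = candidates_for_range(window_start, days=30)
    print(f"{len(window)} candidate domains over 30 days; sample:")
    for name in sorted(window)[:5]:
        print("  ", name)
    seen = generate_domains(window_start + timedelta(days=7))[1]
    print(seen, "flagged:", matches_dga(seen, window_start, 30))
    print("www.microsoft.com flagged:", matches_dga("www.microsoft.com", window_start, 30))
```

The deterministic, seed-driven construction is what makes both sides of the story possible: it lets the botnet survive the loss of its hard-coded domains, and it lets a party who has recovered the algorithm (as Microsoft did for the 319 additional domains) enumerate and pre-empt the backup names.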

Microsoft expects Zloader revival

It took months of investigation before the court gave Microsoft permission to seize the domains. During the investigation, Microsoft was able to identify one of the people involved: a Russian man living in Simferopol on the Crimean peninsula. “We chose to name a person, in this case, to make it clear that cybercriminals should not hide behind the anonymity of the internet to commit their crimes,” the tech company said.

The aim of the action was twofold: to disable Zloader’s infrastructure, and to make it harder for the operators to continue their criminal activities. Microsoft does not expect the botnet to stay offline permanently. “We expect that the suspects will make efforts to revive Zloader’s activities.”

The case has been referred to law enforcement. Microsoft says it will continue to monitor Zloader’s activity closely.
