• Microsoft, ESET take down ZLoader botnets

    From TechnologyDaily@1337:1/100 to All on Thu Apr 14 16:30:04 2022
    Microsoft, ESET take down ZLoader botnets

    Date:
    Thu, 14 Apr 2022 15:23:07 +0000

    Description:
    Being super persistent, there's a good chance ZLoader might make a comeback.

    FULL STORY ======================================================================

    Cybersecurity experts from Microsoft, ESET, Lumen, Palo Alto Networks and other companies have teamed up to disrupt a major malware distribution botnet.

    In a blog post, the Microsoft 365 Defender Threat Intelligence Team said the group managed to disrupt the ZLoader malware, which is used all over the globe to launch ransomware and similar cyberattacks.

    After obtaining a court order, the company seized 65 command-and-control (C2) domains that the ZLoader group used in its activities.

    Blocking future registration

    The domains are now directed to a Microsoft sinkhole where they can no longer be used by the botnet's criminal operators. "Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet," Microsoft explained.

    "In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are also working to block the future registration of DGA domains," the company added.
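    The fallback channel Microsoft describes is what a defender can look for on the DNS side: a DGA-driven host resolves a burst of random-looking names while it hunts for a live C2 domain. The script below is an added example for this article, not code from Microsoft, ESET or the ZLoader takedown, and the heuristic thresholds (label length, Shannon entropy, vowel ratio) are assumptions chosen for illustration rather than a model of ZLoader's actual DGA. The DNS log lines are constructed sample data.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log, one "timestamp client qname" per line.
# These are illustrative hostnames, not ZLoader indicators from the article.
SAMPLE_DNS_LOG = """\
2022-04-14T15:23:07Z 10.0.0.5 www.microsoft.com
2022-04-14T15:23:08Z 10.0.0.5 securityengineering.org
2022-04-14T15:23:09Z 10.0.0.7 xkqpwzrvtmnbhdjf.com
2022-04-14T15:23:10Z 10.0.0.7 login.live.com
2022-04-14T15:23:11Z 10.0.0.7 qzvrmtlpkwsxbnhg.net
2022-04-14T15:23:12Z 10.0.0.9 mail.google.com
"""

VOWELS = frozenset("aeiou")


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label of a query name (naive: no public-suffix handling)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def looks_dga(label: str, min_len: int = 12, min_entropy: float = 3.5,
              max_vowel_ratio: float = 0.25) -> bool:
    """Heuristic: long, high-entropy, vowel-poor labels resemble DGA output.
    Thresholds are assumptions for this example, not ZLoader's actual DGA."""
    if len(label) < min_len:
        return False
    vowel_ratio = sum(ch in VOWELS for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy and vowel_ratio <= max_vowel_ratio


def dga_candidates(log_text: str) -> dict:
    """Map each client IP to the DGA-looking query names it resolved."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname = fields
        if looks_dga(registrable_label(qname)):
            hits[client].append(qname)
    return dict(hits)


def flagged_hosts(log_text: str, min_hits: int = 2) -> list:
    """Clients that queried at least min_hits DGA-looking names: one odd name
    is noise, but a burst of them is how a DGA hunts for a live C2 domain."""
    return sorted(client for client, names in dga_candidates(log_text).items()
                  if len(names) >= min_hits)


if __name__ == "__main__":
    for host in flagged_hosts(SAMPLE_DNS_LOG):
        print(host, dga_candidates(SAMPLE_DNS_LOG)[host])
```

    The vowel-ratio check is what keeps a long but pronounceable label such as securityengineering.org from being flagged on entropy alone; in production the second-level-label shortcut should be replaced by public-suffix-aware parsing, and NXDOMAIN responses are a stronger signal than successful lookups, since most DGA names are never registered.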

    The bad news is that this is, most likely, just a temporary disruption, as ZLoader is known to be an extremely persistent piece of malware.

    When it first emerged, some three years ago, ZLoader was a banking trojan, giving its operators the ability to steal login credentials and other data needed to access banking services on the compromised endpoint. It was also capable of disabling popular antivirus software, remaining on devices for much longer than other trojans of the time.

    Soon after, its creators started offering it as a service, with ransomware operators becoming the most common clients. In its report, Forbes notes that it was the infamous Ryuk ransomware that used ZLoader's infrastructure to launch attacks that resulted in tens of millions of dollars in damages.

    Microsoft also said that one Denis Malikov, from Crimea, was one of ZLoader's creators.

    "We chose to name an individual in connection with this case to make clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes," Forbes cited Microsoft as saying.



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-eset-take-down-zloader-botnets/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)