65 domains belonging to the ZLoader botnet were seized by a Microsoft-led cybersecurity consortium.
Microsoft, which periodically draws attention with aggressive moves in the field of cybersecurity, decided to intervene against the ZLoader botnet, which emerged in November 2019 as a variant of the Zeus bot.
In the operation, carried out in partnership with ESET, Palo Alto Networks, Black Lotus Labs, Avast!, FS-ISAC and H-ISAC, 65 domain names belonging to the botnet were seized and the victims' communication with the command and control servers was cut off. A further 319 backup addresses, which the "C2C recovery" algorithm built into the malware itself would be expected to generate, were also taken over.
According to Microsoft, ZLoader could evade security software, capture screenshots, steal bank account details and personal information, and provide remote access and persistence. It was also marketed as an access service to other criminal groups, such as ransomware operators.
Attackers spread it to target machines using fake emails and misleading Google ads, and further trojans were deployed afterwards. This malicious network, which also hides itself with techniques such as process injection, had become one of the significant players in the cyber world by 2022.
Although taking over malicious domains is not often done by companies, because of the legal process involved and the difficulty under normal conditions, it can be said to be a very effective method of responding to cybercrime. Besides cutting off communication between infected systems and the malware, it makes it possible to remove the malware from those systems and to obtain clearer statistics.