Microsoft takes on the ZLoader criminal network

Is this really the end for the ZLoader malware? Notorious for attacking healthcare facilities and businesses, this botnet was taken down by Microsoft.

ZLoader is a botnet built from infected machines inside companies, hospitals, schools and private homes. Particularly active, it has been used in cyberattack campaigns all over the world, including in France last year, where business email accounts were targeted to harvest sensitive data.

"Malware as a service"

Following a court order, Microsoft was able to disrupt this malware, which is run by an organized criminal network that rents it out in a "malware as a service" (MaaS) model. The objective is to steal from and extort money from victims. The Windows publisher has taken control of 65 domain names used by this network, as well as 319 other domain names produced by the domain generation algorithm (DGA) built into the malware.
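Why seizing 319 not-yet-used domains matters: a DGA is deterministic, so whoever recovers the seed can enumerate the rendezvous domains the bots will try on future days and register or sinkhole them before the operators do. The following is an added illustration, not ZLoader's actual algorithm or any code from Microsoft: the seed, the 32-domains-per-day count, the alphabet and the sample DNS log lines are all constructed assumptions.

```python
"""Illustrative date-seeded domain generation algorithm (DGA) plus the
defender-side precomputation that lets a takedown claim the domains in
advance.  Constructed example; not ZLoader's real DGA or seed."""
import hashlib
from datetime import date, timedelta

# Hypothetical seed; a real botnet hard-codes its own in the binary.
SEED = b"example-botnet-seed"
DOMAINS_PER_DAY = 32            # assumed per-day count
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def generate_domains(day: date, seed: bytes = SEED,
                     count: int = DOMAINS_PER_DAY) -> list[str]:
    """Return the `count` domains a bot would try on `day`.

    Bot and defender run the same deterministic function, so anyone who
    recovers the seed can list every future rendezvous domain."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(
            seed + day.isoformat().encode() + bytes([i])).digest()
        # 20 lowercase characters derived from the hash, then a fixed TLD.
        label = "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:20])
        domains.append(f"{label}.com")
    return domains


def precompute_takedown_list(start: date, days: int,
                             seed: bytes = SEED) -> set[str]:
    """Every domain the DGA will produce over `days` days from `start`.

    These are the names a takedown registers or sinkholes ahead of the
    bots, which is why a court order can cover domains not yet in use."""
    watchlist: set[str] = set()
    for offset in range(days):
        watchlist.update(generate_domains(start + timedelta(days=offset), seed))
    return watchlist


def flag_dga_lookups(dns_log: list[str], watchlist: set[str]) -> list[str]:
    """Return queried names from `dns_log` that fall in the precomputed set.

    Each log line is assumed to look like 'client_ip queried_name'; a hit
    means that client is probably an infected machine calling home."""
    hits = []
    for line in dns_log:
        parts = line.split()
        if len(parts) == 2 and parts[1].lower().rstrip(".") in watchlist:
            hits.append(parts[1])
    return hits


if __name__ == "__main__":
    today = date(2022, 4, 13)
    watch = precompute_takedown_list(today, 10)   # next 10 days, 320 names
    constructed_log = [                           # constructed sample input
        "10.0.0.5 " + generate_domains(today + timedelta(days=3))[7],
        "10.0.0.9 www.microsoft.com",
    ]
    print(len(watch), flag_dga_lookups(constructed_log, watch))
```

Run against a real DNS log, the same check turns the seized domain list into a detection rule: any internal host querying one of the precomputed names is worth isolating, whether or not the name currently resolves.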

Microsoft explains that ZLoader was originally designed to steal login credentials, passwords and other information in order to extort money from its victims. But the malware could also disable the most common antivirus and security software through a dedicated component, so that affected people and institutions might no longer detect the infection.

ZLoader has also been used to deliver other malware such as the Ryuk ransomware, which targets healthcare institutions to extort ransoms. The operation carried out by Microsoft aims to take the ZLoader infrastructure offline and reduce the capacity for harm of the criminal organization behind it. The company says it will continue to monitor their activity.

So that's good news on the cyberwar front, and another win for Microsoft. However, these networks are particularly flexible and can quickly develop countermeasures. It's a game of cat and mouse that never ends...
