Is this really the end of the ZLoader malware? Notorious for attacking healthcare facilities and businesses, this botnet was taken down by Microsoft.
ZLoader is a botnet that relies on a network of infected machines in companies, hospitals, schools and private homes. Particularly active, he worked last year in cyber-attack campaigns around the world, including in France. Thus professional couriers have been targeted for collecting sensitive data.
“Malware as a Service”
Following a court order, Microsoft was able to exploit this malware as “Software as a Service” (SaaS) controlled by an organized criminal network. Its purpose is to steal and extort money. Windows Publisher has taken control of 65 domain names used by this network, as well as 319 other domain names linked to the domain name generator algorithm integrated into the malware.
Microsoft explains that originally, ZLoader stole login credentials, passwords and other information to extort money from its victims. But the software was able to disable even the most common antivirus and security software, thanks to a specific component. Therefore, the affected individuals and institutions could no longer detect the infection.
ZLoader has also been used to develop other malware such as Ryuk ransomware, which targets health institutions for ransom. The operation carried out by Microsoft is aimed at shutting down ZLoader’s infrastructure and reducing the harmful force of the criminal organization behind it. The company will keep an eye on their activities.
So that’s good news on the cyber warfare front, and there’s another victory for Microsoft on the way. However, these networks are particularly flexible and can quickly develop countermeasures. It’s a game of cat and mouse that never ends…
by: bitdefender