ZLoader: Is this really the end of this dangerous botnet attacking universities and hospitals?


Noellie Mautaint

April 17, 2022 at 2:20 p.m.



The cyberwar front is moving. Microsoft has announced that it has carried out several operations against ZLoader, the botnet known for attacking hospitals, businesses and schools.

Originally, ZLoader harvested logins, passwords and other personal data to steal money from its victims. The malware, however, has become capable of disabling conventional antivirus and security software.

Microsoft takes control of a dangerous botnet

Has ZLoader really been disabled? This notorious malware, sadly known for attacking businesses, universities and healthcare establishments, was particularly active and served as the vehicle for several cyberattack campaigns around the world. More concretely, the botnet relied on a network of thousands of infected machines belonging to professionals and individuals to collect sensitive data. The United States, Canada and India were particularly affected, but France was not spared, especially by attacks targeting taxpayers.

Thanks to a US court order, Microsoft was able to seize 65 domains used by the ZLoader group as command and control (C&C) servers for its botnet. In other words, the Redmond firm took control of the infrastructure this malware used to distribute further malware and ransomware. These domains now point to a “sinkhole” controlled by Microsoft.

Is this really the end of ZLoader?

The company also took over a further 319 domains operated by ZLoader through its Domain Generation Algorithm (DGA), which automatically creates new fallback domains for the botnet’s control server. “We are also working to block future registration of DGA domains,” says the company in its blog post.
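The DGA fallback described above is why seizing and sinkholing known domains is not enough on its own: a defender also wants to notice hosts that keep querying algorithmically generated names. The following is an added example, not code from the article or from Microsoft: a simple entropy and character-mix heuristic run over constructed DNS query log lines; the log format, the thresholds and the sample domains are assumptions.

```python
import math
from collections import Counter

# Constructed DNS query log (not from the article): "timestamp client qname"
SAMPLE_DNS_LOG = """\
2022-04-13T10:01:02Z 10.0.0.5 www.microsoft.com
2022-04-13T10:01:09Z 10.0.0.5 login.live.com
2022-04-13T10:02:31Z 10.0.0.7 xk3q9vz7p1mwt5r.com
2022-04-13T10:02:32Z 10.0.0.7 h8dj2lq0cwmyfnv.net
2022-04-13T10:03:10Z 10.0.0.9 wikipedia.org
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Naive second-level label (e.g. 'microsoft' from 'www.microsoft.com')."""
    parts = qname.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(qname: str) -> int:
    """Count how many DGA-like traits the registrable label shows (0..4).
    Thresholds are assumptions; real DGA families differ and CDN hostnames
    can trip the same checks, so treat this as triage, not proof."""
    label = registrable_label(qname)
    entropy = shannon_entropy(label)
    vowel_ratio = sum(ch in "aeiou" for ch in label) / max(len(label), 1)
    digits = sum(ch.isdigit() for ch in label)
    score = 0
    score += entropy > 3.5        # many distinct characters, little repetition
    score += vowel_ratio < 0.2    # pronounceable words have more vowels
    score += digits >= 2          # digits mixed into the label
    score += len(label) >= 12     # long labels are typical of generated names
    return score


def flag_suspicious(log_text: str, threshold: int = 3) -> list:
    """Return (client, qname, score) for queries at or above the threshold."""
    hits = []
    for line in log_text.splitlines():
        _ts, client, qname = line.split()
        score = dga_score(qname)
        if score >= threshold:
            hits.append((client, qname, score))
    return hits
```

Queries that are flagged can then be cross-checked against a sinkhole or blocklist feed, and repeated hits from one client are a stronger signal than a single lookup.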

While Microsoft’s announcement is great news, these actions do not yet spell the end of the botnet. The tech giant admits that ZLoader has not been fully taken down, but says it is working with ISPs to identify and remediate infections on affected systems. The case was also passed on to law enforcement. Nevertheless, we know that hackers are particularly agile and reactive in implementing new countermeasures. The case is still far from over, but Microsoft has won a first battle.


Source: Microsoft
