The Microsoft Security division is going after the ZLoader botnet and the perpetrators behind it. In its latest efforts, Microsoft is taking legal and technical action to disrupt the threat group that provides ZLoader as a malware service for hackers.
As well as taking down associations to the botnet and seeking legal paths, Microsoft has also named and shamed one of the attackers behind ZLoader. Specifically, that is Denis Malikov, who is from Simferopol on the Crimean Peninsula.
Microsoft Security carried out an investigation into the botnet and found Malikov. According to the company, publicly naming the criminal will be a warning to other malicious actors that they cannot remain anonymous:
“We chose to name an individual in connection with this case to make clear that cybercriminals will not be allowed to hide behind the anonymity of the internet to commit their crimes.”
ZLoader is a powerful botnet that has previously been seen as macro malware attacks on Microsoft Excel XLM among other platforms. As part of its investigation, Microsoft sought a court order to seize control of 65 domains the threat actor is using to grow ZLoader and distribute it as a malware-as-a-service:
“The domains are now directed to a Microsoft sinkhole where they can no longer be used by the botnet's criminal operators. Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet. In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are also working to block the future registration of DGA domains.”
Microsoft is eager to point out this is certainly not the end of ZLoader. The company says this disruption is significant, but it expects the threat actors behind the botnet will try to revive it.
Tip of the day: It's a good idea to backup your computer on a regular basis, and the most fool-proof way is to manually create a disk image and save it to an external hard drive.