Microsoft-led move takes down ZLoader botnet domains
2022-04-14 19:45

Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using as command-and-control servers.

The tech giant's Digital Crimes Unit obtained a court order to take down the domains, which are now directed to a Microsoft-controlled sinkhole so that they can no longer be used to communicate with the botnet.

In addition to the 65 hardcoded domains, the court order also allows Microsoft to take control of an additional 319 registered domains that the botnet uses as a backup communication channel.

Microsoft said it is working to block future registration of these so-called domain generation algorithm (DGA) domains.

Microsoft also identified an individual who, according to the company, is one of the creators of a component that the botnet uses to distribute ransomware.

ZLoader has also moved away from using email as an initial vector and instead turned toward ads on search engines that trick users into visiting malicious websites, the Microsoft Defender team added.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/04/14/microsoftled_zloader_botnet/