Participantes del operativo contaron cómo Microsoft eliminó la infraestructura de la botnet ZLoader

Helga Smithabril 21, 2022Última actualización: abril 21, 2022

19 1 minuto de lectura

La semana pasada, microsoft, ESET, Laboratorios Black Lotus, Redes de Palo Alto, Health-ISAC and Financial Services-ISAC took control of the infamous ZLoader botnet following an injunction issued by the U.S. Court for the Northern District of Georgia.

En el final, the company seized control of 65 hard-coded domains that ZLoader operators use to control the botnet, así como también 319 more DGA-registered domains that the hackers used to create redundant communication channels.

The ZLoader botnet consists of computing devices in businesses, hospitals, schools and homes around the world and is operated by an international criminal group that offers malware as a service (MaaS) designed to steal and extort money. During the investigation, we found that one of the perpetrators of creating a component used in the ZLoader botnet to distribute ransomware is Denis Malikov, who lives in the city of Simferopol on the Crimean peninsula. We decided to name the person linked with this case to make it clear that cybercriminals are not allowed to hide behind online anonymity to commit their crimes.los expertos dicen.

Let me remind you that around the same time, another Botnet Mierda Attacks More Than 100 Víctimas Diarias.

Zloader (Los gobiernos de Estados Unidos y Reino Unido advirtieron sobre la Terdot o DELoader) is a well-known banking Trojan that was first discovered back in August 2015 during attacks on clients of several British financial companies. Its capabilities include capturing screenshots, harvesting cookies, stealing credentials and banking information, conducting reconnaissance on the device, triggering “pinning” mechanisms on the device, providing remote access to attackers, y así. The malware is almost entirely based on the source code of the Zeus Trojan, which leaked over a decade ago.

At first, the malware was actively used to attack banks around the world, from Australia and Brazil to North America, and its ultimate goal was to collect financial data using web injections and social engineering in order to trick infected bank customers into giving up their authentication codes and credentials.

But in recent years, Zloader has evolved to include many other features, such as being able to act as a backdoor and give hackers remote access to an infected system, and it can also be used as a malware loader and to install additional payloads.

Microsoft y la red de bots ZLoader
ZLoader Attack Scheme

sin embargo, cybercriminality does not stop – we recently reported that Los gobiernos de Estados Unidos y Reino Unido advirtieron sobre la botnet attacks Los gobiernos de Estados Unidos y Reino Unido advirtieron sobre la enrutadores.

Health-ISAC’s Chief Security Officer Errol Weiss said that legal solutions, such as the one that led to the fall of the ZLoader infrastructure, are being prepared in large-scale cooperation with a wide variety of organizations, including those affected by attacks by cybercriminals. Por ejemplo, such as Health-ISAC.

Weiss told SC Media that, de hecho, microsoft has gone to court to grant them ownership of the infrastructure used by the bot.

They created a legal and technical strategy, combined, to use civil lawsuits filed against criminal gangs, botnet operators. They’d use the civil lawsuits, racketeering laws, and copyright law to show that those botnets were causing immediate harm to their customers. You can imagine all of the politics and socialization that had to happen in the background to make this happen.Errol Weiss said.

Etiquetas

Helga Smithabril 21, 2022Última actualización: abril 21, 2022

19 1 minuto de lectura

Participantes del operativo contaron cómo Microsoft eliminó la infraestructura de la botnet ZLoader

La semana pasada, microsoft, ESET, Laboratorios Black Lotus, Redes de Palo Alto, Health-ISAC and Financial Services-ISAC took control of the infamous ZLoader botnet following an injunction issued by the U.S. Court for the Northern District of Georgia.

Helga Smith

Deja una respuestaCancelar respuesta

Instrucciones de eliminación de ventanas emergentes check-tl-ver-78-1.com

Eliminar el virus QUAL Ransomware (+DECRIPTAR archivos .qual)

Instrucciones para eliminar el virus check-tl-ver-176-3.com

Eliminar el virus WATZ Ransomware (+DECRIPTAR archivos .watz)

Quitar el virus WAQA ransomware (+DECRIPTAR archivos .waqa)

Quitar el virus PAAA ransomware (+DECRIPTAR archivos .paaa)

Eliminar el virus VEPI Ransomware (+DECRIPTAR archivos .vepi)

Quitar el virus VEHU ransomware (+DECRIPTAR archivos .vehu)

Quitar el virus VEZA ransomware (+DECRIPTAR archivos .veza)

Quitar el virus QEZA ransomware (+DECRIPTAR archivos .qeza)

Quitar el virus QEHU ransomware (+DECRIPTAR archivos .qehu)

Eliminar el virus CEPI Ransomware (+DECRIPTAR archivos .qepi)

Quitar el virus BAAA ransomware (+DECRIPTAR archivos .baaa)

Quitar el virus BGZQ ransomware (+DECRIPTAR archivos .bgzq)

Eliminar el virus BGJS Ransomware (+DECRIPTAR archivos .bgjs)

La semana pasada, microsoft, ESET, Laboratorios Black Lotus, Redes de Palo Alto, Health-ISAC and Financial Services-ISAC took control of the infamous ZLoader botnet following an injunction issued by the U.S. Court for the Northern District of Georgia.

Helga Smith

El malware ZingoStealer se distribuye entre los delincuentes de forma gratuita

Los sitios de Darknet del grupo REvil están funcionando nuevamente: hacer que los rusos liberen a los ciberdelincuentes en la naturaleza?

Deja una respuestaCancelar respuesta

Publicaciones relacionadas

Nueva versión de Magniber Ransomware amenaza Windows 11 Usuarios

El extorsionador de buena voluntad obliga a las víctimas a hacer buenas obras

La botnet rusa Fronton puede hacer mucho más que ataques DDoS masivos

Microsoft advierte sobre el aumento de la actividad del malware XorDdos