ZLoader
經法院許可, 微軟奪取了控制權 65 用於控制 Zloader 殭屍網路的域. It was possible to identify them through the joint efforts of a working group, which also included experts from ESET, Black Lotus Labs (as part of Lumen), 阿瓦斯特, and the Unit 42 division of the Palo Alto Networks security company.
Now, when searching for C2 at the address sewn into the code, requests from resident bots are redirected to a dummy Microsoft server (sinkhole). The court order also makes it possible to neutralize another 319 domains registered by bot growers. These names are generated by DGA (the malware uses this mechanism as a fallback), and the working group is already taking action to block similar registrations in the future.
ESET ‘s statement on the matter refers to three Zloader botnets: experts distinguish them by the version of the malware they use. Infections have been recorded worldwide, with the highest concentration in North America, Japan, and Western Europe.
During the investigation, it was also possible to identify the creator of the malware component used to upload ransomware to the botnet; the craftsman turned out to be Denis Malikov from Simferopol.
SwiftSeek Chrome 擴充病毒
我們的研究人員最近遇到了 SwiftSeek, 在對可疑網站進行例行檢查期間,在由誤導性網頁推廣的安裝程序中發現瀏覽器擴充功能. SwiftSeek 等瀏覽器劫持者發生變化…
語音病毒 (.文件的聲音) 勒索軟體
Hlas 病毒是 STOP/Djvu 勒索軟體家族的新成員,針對 Windows PC. 它透過加密檔案和附加一個檔案來造成嚴重的破壞。 “.嗓音” 延伸到他們的…
According to Microsoft, the effort’s goal was to deactivate Zloader’s C2 infrastructure. The enemy, of course, will try to restore contact with the lost bots, but law enforcement agencies have already been notified and will be on the alert. Information security experts will continue to monitor developments on this front.
The modular Zloader Trojan first appeared on the Internet scene in 2007 and was initially used only to steal financial information from owners of Windows machines. 然而, he also learned to steal other data (from browsers, Microsoft Outlook), log keyboard input, take screenshots, evade detection, and download additional malware, including ransomware.
Zloader owners began to rent out their botnet, charging for access to infected computers using the MaaS (Malware-as-a-Service) model. 很遺憾, according to Microsoft, the criminal groups behind Ryuk, DarkSide, and BlackMatter took advantage of this convenience. MaaS malware is distributed in various ways, most often through spam or malicious ads in search results.
Since last year, Zloader’s popularity as a downloader has declined, and now only two cybergroups use it, according to ESET. 然而, it is too early to relax: experts have discovered a new version of the Trojan, 2.0, in the wild (test samples compiled in July last year).