Breaking a Botnet: Microsoft, Health-ISAC Talk Taking on ZLoader
In mid-April 2022, Microsoft, Health-ISAC (H-ISAC), and Financial Services-ISAC (FS-ISAC) disrupted a malicious ZLoader botnet variant. Tomorrow, REN-ISAC will host a webinar featuring Rich Boscovich (Assistant General Counsel, Digital Crimes Unit/Malware Analysis & Disruption Team, Microsoft) and Errol Weiss (Chief Security Officer, H-ISAC) to discuss ZLoader, Microsoft’s disruption techniques, and what you can do to participate in future botnet disruption actions.
ZLoader or Zbot refers to a family of malware that installs trojans onto computers and systems, bringing them under the control of an attacker’s botnet. The botnet targeted for takedown used a web of devices in businesses, hospitals, schools, and homes around the world to steal and extort money. In addition, the botnet was being monetized through access-as-a-service and malware-as-a-service offerings sold to other malicious groups such as Ryuk, DarkSide, and BlackMatter.
Microsoft, H-ISAC, and FS-ISAC collaborated to create a sinkhole that redirects the malicious ZLoader domains to infrastructure where the traffic is isolated and contained. The sinkhole also enables security researchers to analyze ZLoader’s activity, providing more insight into its tactics and techniques.
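A practical consequence of a sinkhole for defenders is that infected hosts now resolve the seized C2 domains to a known address, so DNS logs become a simple infection indicator. The following script is an added example (not code from the original post, from Microsoft, or from the ISACs): it scans resolver log lines for hosts that either query a sinkholed domain (or a subdomain of one) or receive a sinkhole address in the answer. The domain list, the sinkhole IP, the log format, and the sample lines are all constructed placeholders; a real deployment would load the domains actually published by the takedown participants and adapt `parse_line` to the resolver's own log format.

```python
"""Flag internal hosts whose DNS traffic points at sinkholed C2 domains.

Added example for illustration only. SINKHOLED_DOMAINS, SINKHOLE_ADDRESSES,
the log format and SAMPLE_LOG are constructed placeholders, not real IoCs.
"""
import ipaddress
from collections import defaultdict

# Constructed placeholder feed; replace with the published sinkhole domain list.
SINKHOLED_DOMAINS = {
    "c2-placeholder-1.example",
    "c2-placeholder-2.example",
}
# Constructed placeholder: the address the sinkhole answers with (TEST-NET-1 range).
SINKHOLE_ADDRESSES = {ipaddress.ip_address("192.0.2.10")}


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_sinkholed_name(qname: str) -> bool:
    """True if qname itself or any parent domain is in the sinkholed set.

    Matching parents matters because bots often query host labels under the
    seized domain (e.g. a CDN-looking subdomain) rather than the apex.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in SINKHOLED_DOMAINS for i in range(len(labels)))


def is_sinkhole_answer(rdata):
    """True if the resolved address is one the sinkhole hands out."""
    if rdata is None:
        return False
    try:
        return ipaddress.ip_address(rdata) in SINKHOLE_ADDRESSES
    except ValueError:  # non-IP rdata (CNAME target etc.) is ignored
        return False


def parse_line(line: str):
    """Parse one constructed log line: '<timestamp> <client_ip> <qname> <rdata|->'.

    Returns (timestamp, client, qname, rdata) or None for malformed lines.
    """
    parts = line.split()
    if len(parts) != 4:
        return None
    ts, client, qname, rdata = parts
    return ts, client, qname, (None if rdata == "-" else rdata)


def find_infected_hosts(lines):
    """Map client IP -> set of suspicious names it resolved.

    A record is flagged when the queried name is sinkholed (by name or parent)
    OR when the answer is a sinkhole address; the second check still catches
    hosts contacting a domain missing from the local feed.
    """
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the scan
        _ts, client, qname, rdata = rec
        if is_sinkholed_name(qname) or is_sinkhole_answer(rdata):
            hits[client].add(normalize(qname))
    return dict(hits)


# Constructed sample log lines (timestamps and addresses are placeholders).
SAMPLE_LOG = [
    "2000-01-01T10:00:01Z 10.1.2.3 c2-placeholder-1.example. 192.0.2.10",
    "2000-01-01T10:00:05Z 10.1.2.3 cdn.c2-placeholder-2.example 192.0.2.10",
    "2000-01-01T10:00:09Z 10.1.2.7 www.example.org 198.51.100.4",
    "2000-01-01T10:00:12Z 10.1.2.9 unlisted-c2.example 192.0.2.10",
    "malformed line without enough fields",
]

if __name__ == "__main__":
    for host, names in sorted(find_infected_hosts(SAMPLE_LOG).items()):
        print(f"{host}: {', '.join(sorted(names))}")
```

The by-address check is deliberately kept alongside the by-name check: a local domain feed goes stale, but every host that ends up talking to the sinkhole address is worth a look regardless of which name led it there.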