Microsoft has carried out another legal-technical takedown against cyber criminals, this time to dismantle the ZLoader botnet’s infrastructure.
Microsoft has now obtained a court order from the US District Court for the Northern District of Georgia that allowed it to seize 65 domains the ZLoader gang had been using for command and control (C2) of its botnet, which was built from malware that infected businesses, hospitals, schools, and homes.
Those domains now direct to a Microsoft sinkhole, outside of the control of the ZLoader gang.
Microsoft also gained control over the domains produced by ZLoader's domain generation algorithm (DGA), the routine inside the malware that automatically creates new domains for the botnet's C2 so that infected machines can find their operators even after the hardcoded domains are taken away.
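To make the sinkhole-and-DGA mechanism above concrete, the following added example (not code from the article, and not ZLoader's actual algorithm) implements a hypothetical date-seeded DGA, pre-computes the domains it will emit over a window so a defender can register or sinkhole them ahead of the malware, and then matches constructed DNS query log lines against that list to spot an infected host falling back to its DGA channel. The seed, TLD list, log format and dates are all assumptions made for this example.

```python
import hashlib
from datetime import date, timedelta

# Constructed seed for this example; a real family embeds its own secret and schedule.
EXAMPLE_SEED = b"example-botnet-seed"
# Hypothetical TLD pool the toy DGA picks from.
TLDS = ("com", "net", "org")


def generate_domains(seed: bytes, day: date, count: int = 5) -> list[str]:
    """Hypothetical date-seeded DGA (not ZLoader's): hash seed||date||index and map
    the digest bytes to lowercase letters. Anyone who knows seed and date can
    reproduce the list, which is exactly what a sinkhole operator relies on."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        domains.append(f"{label}.{TLDS[digest[12] % len(TLDS)]}")
    return domains


def sinkhole_candidates(seed: bytes, start: date, days_ahead: int, per_day: int = 5) -> set[str]:
    """Defender view: enumerate every domain the DGA will emit over a window so the
    registrations can be claimed (or court-ordered) before the botnet uses them."""
    candidates: set[str] = set()
    for n in range(days_ahead):
        candidates.update(generate_domains(seed, start + timedelta(days=n), per_day))
    return candidates


def find_dga_lookups(log_lines: list[str], candidates: set[str]) -> list[tuple[str, str]]:
    """Match DNS query log lines of the assumed form '<timestamp> <client> <qname>'
    against the candidate set. Returns (client, qname) for every hit, so the SOC
    can see which internal hosts are reaching for the fallback channel."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash the detector
        _, client, qname = parts
        qname = qname.rstrip(".").lower()  # normalise trailing dot and case
        if qname in candidates:
            hits.append((client, qname))
    return hits


def build_sample_log(day: date) -> list[str]:
    """Constructed DNS log: two benign lookups plus one lookup of a domain the toy
    DGA emits on `day`, written with a trailing dot as resolvers often log it."""
    dga_domain = generate_domains(EXAMPLE_SEED, day)[2]
    return [
        "2022-01-10T10:00:01 10.0.0.5 www.example.com",
        "2022-01-10T10:00:02 10.0.0.7 updates.example.org",
        f"2022-01-10T10:00:03 10.0.0.9 {dga_domain}.",
    ]


if __name__ == "__main__":
    window_start = date(2022, 1, 10)  # constructed date
    candidates = sinkhole_candidates(EXAMPLE_SEED, window_start, 7)
    print(f"{len(candidates)} domains to claim for a 7-day sinkhole window")
    for client, qname in find_dga_lookups(build_sample_log(window_start), candidates):
        print(f"host {client} attempted DGA fallback to {qname}")
```

The point of `sinkhole_candidates` is the asymmetry the article describes: once the algorithm and its seed are recovered from a sample, the defender can claim the future domains wholesale, which is why taking the DGA domains mattered as much as seizing the hardcoded ones. The matcher normalises the trailing dot and case because resolver logs differ on both, and a miss there is a silent false negative.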
“Zloader contains a domain generation algorithm (DGA) embedded within the malware that creates additional domains as a fallback or backup communication channel for the botnet. In addition to the hardcoded domains, the court order allows us to take control of an additional 319 currently registered DGA domains. We are