Zloader, a relatively well-known and highly sophisticated Trojan, was recently identified and rendered inoperable by Microsoft's Digital Crimes Unit.
The unit disclosed in detail how the data-stealing malware operates and even named the person it holds responsible. Zloader's distribution has been linked to Denis Malikov, who lives in Crimea, now under Russian control, and who may well be a member of a larger gang.
Zloader has been known since 2015 and has infected computers at banks, businesses, hospitals, schools and private users around the world. It was originally designed to rob users by stealing their banking credentials, and for a long time it was able to evade antivirus software. Over time, Zloader was offered as malware-as-a-service and used, among other things, to attack healthcare facilities with the malware strain identified as Ryuk, extorting money from them while putting patients themselves at risk.
Zloader builds and controls an entire network of infected machines, a botnet, whose devices act as part of the criminal infrastructure without their owners' knowledge. To grow and manage the network and keep the devices connected, the criminals took control of a number of Internet domain names. Microsoft has so far identified 65 such domains and neutralised them using the sinkhole technique. A domain generation algorithm (DGA) built into Zloader kept producing new domains through which the botmaster (the botnet's controller) stays in contact with the zombie computers. In the United States, a court order allowed Microsoft to take control of 319 recently registered DGA domains in addition to the hard-coded domains.
Microsoft is now preventing the registration of additional DGA domains.
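The mechanism behind the last two paragraphs, as an added illustration that is not code from the article or from Microsoft and does not reproduce Zloader's real algorithm: a hypothetical bot with two hard-coded C2 names and a date-seeded DGA fallback, and the defender-side pre-computation of every name that must be sinkholed or blocked from registration to deny the bot a live C2. All domains, the seed and the per-day count are constructed values.

```python
import hashlib
from datetime import date, timedelta
from typing import Dict, List, Optional, Set

# Constructed values for a hypothetical bot: two hard-coded C2 names plus a
# daily DGA fallback. Not Zloader's real algorithm, seed or domains.
HARDCODED_DOMAINS = ["static-c2-a.example", "static-c2-b.example"]
DGA_SEED = b"constructed-seed"
DOMAINS_PER_DAY = 4
LABEL_LEN = 12


def dga_domains(day: date) -> List[str]:
    """Derive the day's candidate C2 names from the date alone.

    The derivation is deterministic, so anyone who knows the algorithm and
    seed (the botmaster, but also a defender who reversed a sample) produces
    the same list for any past or future day."""
    names = []
    for i in range(DOMAINS_PER_DAY):
        material = DGA_SEED + day.isoformat().encode() + bytes([i])
        digest = hashlib.sha256(material).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:LABEL_LEN])
        names.append(f"{label}.example")
    return names


def bot_candidates(day: date) -> List[str]:
    """Order in which the bot tries names: hard-coded first, DGA as fallback."""
    return HARDCODED_DOMAINS + dga_domains(day)


def sinkhole_plan(start: date, days: int) -> Set[str]:
    """Every name a defender must seize or pre-register so the bot finds no
    live C2 on any of the `days` days starting at `start`."""
    plan = set(HARDCODED_DOMAINS)
    for offset in range(days):
        plan.update(dga_domains(start + timedelta(days=offset)))
    return plan


def first_live_c2(day: date, live_dns: Dict[str, str],
                  sinkholed: Set[str]) -> Optional[str]:
    """Simulate the bot's lookup loop. `live_dns` maps attacker-registered
    names to addresses; names in `sinkholed` answer with the defender's
    address, so the bot receives no commands there and moves on. Returns the
    first live name, or None when the plan covers every candidate that day."""
    for name in bot_candidates(day):
        if name in sinkholed:
            continue
        if name in live_dns:
            return name
    return None
```

Extending the plan by one more day is exactly what blocking the registration of future DGA domains achieves: the attacker can still compute tomorrow's names, but can no longer point any of them at a live server.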