ESET spots Georgia linked botnet site

By Ellen Messmer, Network World (US) | Mar 26, 2012

A security firm in Slovakia is asserting that a website operated by the country of Georgia has been used as part of a botnet to conduct cyber-espionage against that country's residents.

But does that mean Georgia is conducting the cyber-espionage, or that a website run by the Georgian government has been compromised by enemies of the country? Because the botnet's command-and-control operations lack some of the stealth that might be expected, ESET, the Slovakian security firm that spotted it, reports it may simply be "a group of cyber criminals trying to find sensitive information in order to sell it to other organizations."

Win32/Georbot has a command-and-control structure that has for some time relied on a Georgian government website to host part of its command-and-control, says ESET researcher Righard Zwienenberg. When ESET detected Georbot in January, it contacted the Georgian CERT. As it turns out, the Data Exchange Agency of the Ministry of Justice of Georgia and its national CERT had been aware of the situation since 2011 and had been monitoring Georbot, now in cooperation with ESET.

Georbot is primarily a cyber-espionage botnet that has infected only about 200 computers, apparently mostly in Georgia, though about 30% of them are in the U.S., Germany and Russia. It is not clear who these individuals are, Zwienenberg says, but Georbot is "looking on their hard drives for documents," and can also capture audio and video when the computer's webcam and microphone are in use.

Georbot is also remotely controlled to steal documents and certificates, and to search documents for certain words, among them "ministry," "service," "secret," "top," "agent," "army," "USA," "Russia," "Georgia," "major," "Colonel," "FBI," "CIA," "phone number," "east," "program," "KGB," "FSB" and other political and personal information.
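For an incident responder scoping a suspected infection, the practical question raised by that keyword list is which documents on a host the filter would have selected for theft. The following is an added example, not ESET's code or anything recovered from Georbot: it applies the article's keyword list as a case-insensitive, whole-word filter over a set of documents and ranks them by exposure. Whole-word matching is an assumption (the article does not say how Georbot matched), and the sample documents are constructed.

```python
import re

# Keyword list as reported in the article above.
GEORBOT_TERMS = [
    "ministry", "service", "secret", "top", "agent", "army", "USA", "Russia",
    "Georgia", "major", "Colonel", "FBI", "CIA", "phone number", "east",
    "program", "KGB", "FSB",
]

# One case-insensitive, whole-word pattern per term. Word boundaries keep
# "east" from matching "least" and "top" from matching "laptop". This is an
# assumption about matching; the article does not describe Georbot's own logic.
_PATTERNS = {
    term: re.compile(r"\b" + re.escape(term) + r"\b", re.IGNORECASE)
    for term in GEORBOT_TERMS
}


def matching_terms(text):
    """Return the sorted list of keywords from the article that occur in text."""
    return sorted(term for term, pat in _PATTERNS.items() if pat.search(text))


def triage(documents):
    """documents: dict of filename -> text.

    Returns [(filename, [matched terms])] ranked by number of distinct matched
    terms, most exposed first; documents with no match are omitted.
    """
    hits = [(name, matching_terms(text)) for name, text in documents.items()]
    hits = [(name, terms) for name, terms in hits if terms]
    return sorted(hits, key=lambda item: (-len(item[1]), item[0]))


# Constructed sample documents (not real data) to exercise the filter.
SAMPLE_DOCS = {
    "memo.txt": "Meeting with the Ministry of Defence; Colonel Smith's phone number attached.",
    "recipe.txt": "Top the stew with parsley and serve on the east-facing patio.",
    "shopping.txt": "laptop, least-cost router, printer paper",
}

if __name__ == "__main__":
    for name, terms in triage(SAMPLE_DOCS):
        print(f"{name}: {', '.join(terms)}")
```

Note how crude the filter is: the recipe is flagged on "top" and "east", while nothing in the shopping list triggers because the boundaries exclude "laptop" and "least". A keyword hunt of this kind produces a lot of noise for whoever receives the stolen files, which is consistent with the article's view that the operation is not an especially sophisticated one.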

Based on ESET's analysis, Georbot does have features to hide itself. But it is not especially sophisticated: it leaves some information unencrypted, which casts doubt on whether a capable government spy operation from any country would be operating it. ESET got a look at the control panel to analyze what it was doing.
