ESET Unleashes a New Data Stealing Trojan: Win32/Georbot
In January 2012, security firm ESET disclosed a data-stealing botnet, Win32/Georbot, that carries a wide range of communication features. The malware can perform many activities, of which stealing documents and certificates is the most distinctive.
Notably, the Win32/Georbot botnet uses a Georgian government website to update its command and control (C&C) information, which leads ESET researchers to consider Georgia the target of the botnet. An unusual characteristic of the malware is that it searches for "Remote Desktop Configuration Files", which lets it steal those files and upload them to a remote machine without exploiting any vulnerability.
The most distinctive characteristic of Win32/Georbot is its ability to update itself to new versions of the bot in an effort to remain undetected by anti-malware scanners.
The most worrying aspect, however, is that the malware remains active: ESET observed the most recent variants being released as late as March 2012.
ESET researchers gained access to the botnet's control panel, which allowed them to count the number of affected machines, determine their locations, and establish exactly which commands the information-stealing Trojan can execute. For instance, the malware is able to record audio and video feeds from the infected PCs.
As a security measure, ESET intends to discuss the matter in detail with the Georgian Government. Until then, ESET's Montreal-based senior malware researcher declined to speculate about who is behind the botnet or what their intentions are, as reported by InformationWeek on March 21, 2012.
ESET does, however, judge the bot's complexity to be low, and expects that a state-sponsored operation would have been more professional, as published by Infosecurity Magazine on March 21, 2012.
Concluding its analysis of Win32/Georbot, the security firm affirmed that the botnet was created to collect sensitive information that could then be sold at a high price to other organizations.
SPAMfighter News - 30-03-2012