From Georgia, with love Win32/Georbot

From Botnets.fr


Malware Georbot
Date 2012
Editor/Conference ESET
Link http://blog.eset.com/wp-content/media_files/ESET_win32georbot_analysis_final.pdf (pdf)

Abstract

At the beginning of the year, a curious piece of malware came to our attention. An analyst in our virus laboratory noticed that it was communicating with a domain belonging to the government of Georgia to retrieve updates. Analysis revealed that this malware is an information stealing trojan and is being used to target Georgian nationals in particular. We were also able to gain access to the control panel of the threat, revealing the extent and the intent of this operation. We present our findings in this document. It should be also noted that the Data Exchange Agency of the Ministry of Justice of Georgia and its national CERT were fully aware of the situation as early as 2011 and, parallel to its own – still ongoing – monitoring, have cooperated with ESET on this matter.

Bibtex

 @misc{2012BFR951,
   editor = {ESET},
   author = {},
   title = {From Georgia, with love Win32/Georbot},
   date = {26},
   month = Apr,
   year = {2012},
   howpublished = {\url{http://blog.eset.com/wp-content/media_files/ESET_win32georbot_analysis_final.pdf}},
 }