Win32/Georbot – Information Stealing Trojan and Botnet Operating in Georgia

Earlier this year researchers at ESET, the leader in proactive protection against cyber-threats, discovered a botnet that has some very interesting communication features. Amongst other activities, it tries to steal documents and certificates, is capable of creating audio and video recordings and browses the local network for information. Interestingly, it uses a Georgian governmental website to update its command and control information and ESET researchers therefore believe that Win32/Georbot is targeting computer users in Georgia. Yet another unusual characteristic of this malicious program is that it looks for “Remote Desktop Configuration Files” and thereby enables attackers stealing these files to upload them to remote machines without exploiting any vulnerability. What is more worrying is that the development of this malware is ongoing; ESET has found fresh variants in the wild as recently as March 20th.