Tuesday, March 27, 2012

Slovakian Security Firm Detects Botnet Cyber-Spying connected to Nation of Georgia's Website

From: Dan Gordon


ESET, a Slovakian security firm, claims that the Georgian government’s website figured in a botnet’s cyber-spying on denizens of that nation. Win32/Georbot infected a small number of computers, approximately 200, primarily in Georgia, with 30% located in the United States, Germany, and Russia. According to ESET researcher Righard Zwienenberg, the Georbot searched hard drives for data, and in addition possessed the capacity to obtain audio and video whenever the microphone and webcam of a computer were operating. The remote control of the Georbot furthermore directed the theft of documents and certificates, and the search for particular words in documents, including “service,” “secret,” “agent,” “USA,” “Russia,” “Georgia,” “FBI,” “CIA,” “KGB,” and “FSB.” ESET divulged that the malware’s evolution appeared to be still in progress, since new versions came to light on the 19th of this month.



The question that immediately springs to mind is whether Georgia itself was involved in the cyber-spying or whether the website had possibly been manipulated by a foreign country. ESET had found proof of the Georbot’s role as malware two months ago and proceeded to inform the Georgian Computer Emergency Response Team (CERT) about its discovery. However, the Georgia Ministry of Justice’s Data Exchange Agency, as well as the national CERT, already were cognizant of the aforementioned state of affairs, and had been since last year. Zwienenberg could not explain why the Georgian government permitted the Georbot to continue functioning, and disclosed that Georgian sources were closed-mouthed about the situation. He suggested that a Georgian government official might have been commanding the Georbot. The most likely scenario, put forth by ESET, was that cyber criminals employed it to secure confidential data which could then be offered for sale. The reasoning behind this theory was that although the Georbot was equipped with clandestine features, not all of the information was coded, and therefore it was not advanced enough to make it the likely instrument of government espionage.
