Georbot

By Domesticus in Trojans

According to ESG security analysts, Georbot is both the name of a Trojan designed to steal data from infected computers and a fast-growing botnet made up of computer systems infected with that Trojan. Georbot takes its name from the former Soviet republic of Georgia, since the majority of the computer systems currently infected with it are located in that country. It also appears that Georbot specifically targets computer systems located in Georgia. Georbot has caught the attention of PC security researchers because it has several unique characteristics that would be devastating if they became common among other, more popular botnets. Georbot is capable of stealing data, recording both audio and video, and searching local networks for specific data. One of the most damning characteristics of the Georbot malware threat is that its command and control server is a website belonging to the Georgian government, which makes this malware threat particularly interesting.

Worrying Characteristics of the Georbot Trojan and Botnet

The Georbot Trojan also searches for any Remote Desktop files and uploads them to a remote server, allowing criminals to take over the infected computer system completely without needing to install a dedicated Remote Access Trojan. Georbot is able to change itself by updating to new versions that dodge common anti-malware software tactics. If Georbot cannot connect to its specific command and control server, it uses the infected computer's web browser to connect to a web page that is also hosted on a Georgian government server.
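Because the Trojan collects Remote Desktop files, it helps to know what the `.rdp` files on a machine would reveal if they were taken. The following audit script is an added example, not part of the original report; it assumes the standard `name:type:value` layout of `.rdp` files, and the host and account in `SAMPLE` are constructed.

```python
import codecs
from pathlib import Path

# .rdp settings that tell whoever holds the file where to connect and as whom.
SENSITIVE_KEYS = {
    "full address": "target host",
    "username": "account name",
    "password 51": "saved password blob",
    "gatewayhostname": "RD Gateway host",
}

def decode_rdp(raw: bytes) -> str:
    """Saved .rdp files are often UTF-16 with a BOM; hand-edited ones may be UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def audit_rdp(raw: bytes) -> dict:
    """Return {setting: description} for each sensitive setting with a non-empty value."""
    found = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # name:type:value (value may contain ':')
        if len(parts) == 3:
            key = parts[0].strip().lower()
            if key in SENSITIVE_KEYS and parts[2].strip():
                found[key] = SENSITIVE_KEYS[key]
    return found

def audit_tree(root: Path) -> dict:
    """Audit every .rdp file under root; unreadable files are skipped."""
    report = {}
    for path in root.rglob("*"):
        if path.suffix.lower() != ".rdp" or not path.is_file():
            continue
        try:
            hits = audit_rdp(path.read_bytes())
        except OSError:
            continue
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample file content (hypothetical host, account and blob).
SAMPLE = ("full address:s:rdp01.example.internal:3389\r\n"
          "username:s:EXAMPLE\\svc_admin\r\n"
          "password 51:b:01000000D08C9DDF\r\n"
          "screen mode id:i:2\r\n").encode("utf-16")

if __name__ == "__main__":
    print(audit_rdp(SAMPLE))
```

Files that report a saved password or account name are candidates for deletion or for re-saving without stored credentials.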

However, this is not to say that the Georbot Trojan is officially the work of the Georgian government. Servers are often compromised without their owners being aware of the intrusion. In fact, ESG security analysts report that the branch of the Ministry of Justice of Georgia concerned with computer security has been fighting the situation since 2011 and has cooperated fully with PC malware analysts from all around the world. As of the writing of this report, about seventy percent of infected computers are located in Georgia, although the infection has spread to the United States, the Russian Federation and Germany. Looking at the Georbot Trojan, one finds that it contains content designed specifically to steal information related to government intelligence agencies, such as the CIA and KGB, making its possible origin the subject of much discussion.
