MUMBAI, India – February 4, 2015 – ESET researchers have uncovered a piece of malicious code dubbed Malware Agent.PYO, which has been busy targeting a Polish diplomatic mission in Belarus in the last couple of weeks. The cyber-criminals were capable of building a botnet that automatically fills out forms for some visa applicants at a Polish consulate in Belarus.
The downloader component of MSIL/Agent.PYO was distributed to computers located in Belarus using the Nuclear Exploit Kit. Statistics for the redirection chain show that more than 200,000 computers were redirected to the exploit kit in about six days. What’s more, the uncovered botnet itself networked almost one thousand computers. ESET has provided the information on this incident to both the Polish and Belarusian branches of the Computer Emergency Readiness Team (CERT).
“We understand that obtaining an appointment for the visa can be quite difficult at times and thus a special online process is set up to have the appointment confirmed,” says ESET researcher Sebastien Duquette, adding: “Some people resorted to writing scripts to automate the process and apparently someone decided to go a step further and build a botnet specifically for the purpose of filling out the forms.”
MSIL/Agent.PYO was “inserted” into the system, and four days before the opening of the registrations its downloader component was being distributed, and only to computers located in Belarus. The fallout: more than 200,000 computers were redirected to the exploit kit in about 6 days. Over the course of 5 weeks, 925 different computers connected to the botnet.
“Surprisingly large number for a botnet with such a specific purpose,” comments Duquette.
For more details please visit: “MSIL/Agent.PYO: Have botnet, will travel” published on WeLiveSecurity.com.
# # #
Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. ESET’s flagship products ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber Security for Mac are trusted by millions of global users. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.
The Company has global headquarters in Bratislava (Slovakia), with regional distribution headquarters in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network in 180 countries.
In India, ESET products are exclusively supplied and supported by “ESS Distribution Pvt Ltd”. The sales of ESET products are executed through the Channel Partners across India. Website: www.esetnod32.in