ESET researchers have uncovered a piece of malicious code dubbed Malware Agent.PYO, which has been busy targeting a Polish diplomatic mission in Belarus over the last couple of weeks. The cyber-criminals were able to build a botnet that automatically fills out forms for some visa applicants at a Polish consulate in Belarus.
The downloader component of MSIL/Agent.PYO was distributed to computers located in Belarus using the Nuclear Exploit Kit. Statistics for the redirection chain show that more than 200,000 computers were redirected to the exploit kit in about six days. What’s more, the uncovered botnet itself networked almost one thousand computers. ESET has provided the information on this incident to both the Polish and Belarusian branches of the Computer Emergency Readiness Team (CERT).
“We understand that obtaining an appointment for the visa can be quite difficult at times and thus a special online process is set up to have the appointment confirmed,” says ESET researcher Sebastien Duquette, adding: “Some people resorted to writing scripts to automate the process and apparently someone decided to go a step further and build a botnet specifically for the purpose of filling out the forms.”
MSIL/Agent.PYO was “inserted” into the system, and four days before registrations opened its downloader component was being distributed, and only to computers located in Belarus. The fallout: more than 200,000 computers were redirected to the exploit kit in about 6 days. Over the course of 5 weeks, 925 different computers connected to the botnet.
“Surprisingly large number for a botnet with such a specific purpose,” comments Duquette.
For more details, read the blog post by Sebastien Duquette, “MSIL/Agent.PYO: Have botnet, will travel”, published on WeLiveSecurity.com.
Since 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires. For more information visit www.eset.com or follow us on LinkedIn, Facebook and Twitter.