Asprox is back!

Security researchers warn of a rapid increase in the number of websites infected by the Asprox spam botnet. The botnet is carrying out attacks using SQL injection, which allowed it to double its presence on the service provider’s access application. In one night, the number of compromised resources increased from 5 to 11 thousand.

The botnet usually starts by scanning the network for vulnerable hosts; when it detects a vulnerable website, it conducts an attack on the targeted host.

M86 Security is currently monitoring and tracking the new threat. In a blog post, Rodel Mendrez reported that the pattern of Asprox behavior has changed: previously it was used only to send spam, but now it is carrying out a massive SQL injection attack.

As of this writing, there are three fast-flux domains that the bot attempts to contact.

CL63AMGSTART.RU
HYPERVMSYS.RU
ML63AMGSTART.RU

These three servers are the bot's command and control servers. Analysis of the malware binary reveals SQL statements, as the picture shows:

Decrypting the XML file that the bot receives reveals information about the targeted website, as the screenshot shows:

Finally, a simple Google search shows that more than 5000 websites are already infected.

As you can see, criminals are always searching for new ways to spread their malware.
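For defenders, the three fast-flux domains listed above can be checked against resolver logs. The following is an added example, not code from the original post or from M86: it flags internal clients that resolved the listed domains and applies a simple fast-flux heuristic. The log layout, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# C2 domains exactly as listed in the post, lower-cased for matching.
C2_DOMAINS = {"cl63amgstart.ru", "hypervmsys.ru", "ml63amgstart.ru"}

# Constructed resolver log; the five-field layout is an assumption:
# timestamp client_ip qname answer_ip ttl
SAMPLE_LOG = """\
2010-06-27T10:00:01 10.0.0.5 www.example.com 192.0.2.10 3600
2010-06-27T10:00:02 10.0.0.7 HYPERVMSYS.RU. 198.51.100.1 120
2010-06-27T10:05:02 10.0.0.7 hypervmsys.ru 198.51.100.77 120
2010-06-27T10:10:02 10.0.0.7 hypervmsys.ru 203.0.113.9 120
2010-06-27T10:10:05 10.0.0.9 cl63amgstart.ru 203.0.113.40 180
this line is malformed
2010-06-27T10:11:00 10.0.0.5 www.example.com 192.0.2.10 3600
"""

def parse(log):
    """Yield (client, qname, answer_ip, ttl); skip lines that do not parse."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        _, client, qname, answer, ttl = parts
        # DNS names are case-insensitive and may carry a trailing root dot.
        yield client, qname.lower().rstrip("."), answer, int(ttl)

def is_c2(qname):
    """True for a listed domain or any name beneath it."""
    return any(qname == d or qname.endswith("." + d) for d in C2_DOMAINS)

def clients_contacting_c2(log):
    """Map each internal client to the listed domains it resolved."""
    hits = defaultdict(set)
    for client, qname, _, _ in parse(log):
        if is_c2(qname):
            hits[client].add(qname)
    return dict(hits)

def fast_flux_candidates(log, min_ips=3, max_ttl=300):
    """Names answered with >= min_ips distinct addresses, all short-TTL.
    Thresholds are illustrative assumptions, not values from the post."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for _, qname, answer, ttl in parse(log):
        ips[qname].add(answer)
        ttls[qname].append(ttl)
    return {q for q in ips if len(ips[q]) >= min_ips and max(ttls[q]) <= max_ttl}

if __name__ == "__main__":
    print(clients_contacting_c2(SAMPLE_LOG))
    print(fast_flux_candidates(SAMPLE_LOG))
```

A client that appears in the first result is a candidate for host-level investigation; the second result can surface rotating domains that are not yet on any list.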
