Asprox botnet causing serious concern

[nsane.forums]

Security experts warn of huge rise infected sites

Security researchers are warning of a rapidly growing number of web sites infected by the Asprox spam botnet.

Asprox is capable of launching SQL injection attacks, and has more than doubled its appearance on application service provider (ASP) sites from 5,000 to 11,000 overnight, according to M86 Security.

The firm has tagged the botnet with a 'high severity' badge, meaning that it is particularly serious.

M86 Security threat analyst Rodel Mendrez said in a blog post that Asprox had been used only to send spam, but that it is now responsible for SQL injections and the "mass infection" of web sites.

"This week our suspicions were confirmed when we came across another version of Asprox which started to launch spam and SQL injection attacks," he said.

Once in place the bots attempt to contact three domains with a .ru address. Mendrez said that these are Asprox control servers that return spam templates, target email addresses and malware updates, and list ASP sites to target.

The botnet also downloads an encrypted XML file that offers information such as Google search terms for finding more targets."Asprox is back with a vengeance, and doing typically Asprox-like things, namely spamming and SQL injection. Anyone have a feeling of déjà vu?" said Mendrez.

View: Original Article