Jump to content

Asprox botnet causing serious concern


nsane.forums

Recommended Posts

nsane.forums

medium.jpg

Security experts warn of huge rise infected sites

Security researchers are warning of a rapidly growing number of web sites infected by the Asprox spam botnet.

Asprox is capable of launching SQL injection attacks, and has more than doubled its appearance on application service provider (ASP) sites from 5,000 to 11,000 overnight, according to M86 Security.

The firm has tagged the botnet with a 'high severity' badge, meaning that it is particularly serious.

M86 Security threat analyst Rodel Mendrez said in a blog post that Asprox had been used only to send spam, but that it is now responsible for SQL injections and the "mass infection" of web sites.

"This week our suspicions were confirmed when we came across another version of Asprox which started to launch spam and SQL injection attacks," he said.

Once in place the bots attempt to contact three domains with a .ru address. Mendrez said that these are Asprox control servers that return spam templates, target email addresses and malware updates, and list ASP sites to target.

The botnet also downloads an encrypted XML file that offers information such as Google search terms for finding more targets."Asprox is back with a vengeance, and doing typically Asprox-like things, namely spamming and SQL injection. Anyone have a feeling of déjà vu?" said Mendrez.

view.gif View: Original Article

Link to comment
Share on other sites


  • Views 752
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...