Asprox botnet malware morphs

The Asprox botnet, initially exclusively used for phishing scams, is now an SQL injection vector for website attacks.

According to SecureWorks, provider of managed security services, the attack tool has infected more than 2,000 websites as of Thursday afternoon. It is used to grab victims while they're surfing the web, building up the Asprox bot family. The same people behind Asprox are responsible for Danmec, a password-stealing trojan.

Joe Stewart, director of malware research at SecureWorks, has been monitoring Asprox for more than a month. He said it had been the only bot focused on phishing, but that focus changed when he noticed a binary on a system performing SQL injection attacks.

“It appears to be trying to build up the size of the botnet, infecting people through web pages by adding an IFRAME,” Stewart told SCMagazineUS.com on Thursday.

The attacks hit websites running Microsoft SQL Server that already have some sort of vulnerability, he added. The botnet also takes advantage of unpatched Microsoft Internet Explorer browsers. The attack targets range from small businesses to universities.

“It is basically working through random Google searches,” Stewart said. “It feeds random phrases and goes out and searches for those phrases.”

The botnet attempts to compromise any page that comes back with an .asp suffix and uses a defined parameter, such as ID.

While Asprox has been a minor player in the botnet field, Stewart said it is obvious it is trying to build itself up in a big way.
