Incident Response, Malware, TDR, Threat Management

Asprox botnet mostly disappeared in 2015

After reaching a peak last year, researchers with Palo Alto Networks have found that campaigns leveraging the Asprox botnet have basically disappeared.

The botnet – used throughout 2014 in a series of spam campaigns to distribute malware that not only expanded the botnet, but also quietly installed additional malware on the victim's system – has gone virtually undetected since January, a Monday post said.

Palo Alto Networks does not believe that the individuals involved in the attacks have been apprehended by authorities.

“They probably shut down to figure out a new way to do the same thing,” Ryan Olson, director of intelligence with Unit 42 at Palo Alto Networks, told Olson went on to say that the attackers may have noticed researchers developing more ways to detect and neutralize their malware, to the point where it was no longer profitable.

Olson said the cybercriminals will most likely look to start fresh and rebuild their infrastructure so that it can better evade detection. Until then he recommends that people pay attention to the emails they open.

“For regular users, remain vigilant to the type of social engineering that groups use,” Olson said.

Last December, Palo Alto Networks released a report stating that in October 2014, Kuluoz, the latest version of the Asprox malware, accounted for approximately 80 percent of all malware sessions recorded by their WildFire threat intelligence service. A few weeks after the report was published the number of emails that were seen carrying the malware declined sharply until eventually they stopped completely.

The company wasn't alone in its observations. Brad Duncan, security researcher at Rackspace, wrote a blog post earlier this year about how spam messages once spreading Asprox malware were now being sent without the malware attachment.

Olson said that it usually takes days or even weeks for a new family of malware to widely deploy and connect to the previous family. 

"The attackers will be working to make it undetectable and try to make it hard for the security community to quickly associate it with the older botnet," Olson said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.