Researchers have found that attackers behind the Asprox botnet have never retreated, instead continuing their spam and malware bombardments with a new set of tactics.
According to a research paper on the Asprox botnet recently released by Trend Micro, compromised machines are now instructed to scan legitimate websites for vulnerabilities so that malware can be distributed on those sites. In addition to spreading malware through phishing emails, the botnet, which was first detected in 2007 and has morphed over the years, also skirts detection by using RC4 encryption and legitimate email accounts to spam other users.
This time around, Asprox botnet attackers are also using spam templates in various languages to widen their impact worldwide. In 2008, the Asprox botnet used SQL injection attacks to infect more than 2,000 sites.