1. Computing

Asprox Botnet

By

What is Asprox?:

The Asprox botnet was originally used primarily for phishing scams. In 2008, the Asprox botnet began employing the bots to discover vulnerable Active Server pages (asp) on weakly configured websites. Once discovered, the bots automatically attempt SQL injection attacks in order to embed malicious iframes and external javascript reference. Once a web site has been compromised by Asprox, that website silently delivers exploit code used to deliver malware to susceptible visitors' computers. The infected PCs then seek out new vulnerable web sites to compromise and thus the Asprox infection/compromise continues to spread.

What is a Botnet?:

A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (c&c) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged in user.

More About Asprox:

The change from phishing to SQL injection is believed to be a move by the Asprox attackers to build a bigger botnet. Doing so enables the Asprox botnet to be positioned as a botnet-for-hire, which would enable the Asprox attackers to sell space or services on the botnet for a fee. Tyically, botnets-for-hire are used for everything from phishing attacks to steal banking credentials, to intellectual property theft targeting corporations and governments, to acting as a spam relay and email harvester.
  1. About.com
  2. Computing
  3. Antivirus Software
  4. Malware Information
  5. Asprox Botnet

©2014 About.com. All rights reserved.