Researchers: Asprox Botnet Is Resurging
Spambot infected more than 10,000 service providers in three days, M86 study says
The botnet Asprox, long known for its spamming capabilities, resurged last month, according to a new first-half lab report by M86 Security.
Asprox, which also uses SQL injection techniques to infect vulnerable application service provider (ASP) sites on a large scale, showed a large spike in activity in June, infecting more than 10,000 ASPs in a three-day period, M86 says. The bot downloads instructions, which include target ASP websites, and then performs an SQL injection attack that attempts to poison data in the underlying SQL database serving the site.
More Security Insights
White PapersMore >>
- Agile Service Desk: Keeping Pace or Getting out Paced by New Technology?
- Inside Threats: Is Your Company at Risk?
Interestingly, the botnet used a simple Google search to seek out additional vulnerable ASP sites, M86 says.
Asprox is typical of the new breed of combined attacks that grew significantly in the first half of 2010, according to the report, which outlines a number of trends in spam and malware.
"Traditional methods [of attack], such as spambots and dynamic code obfuscation, are still very much in use," said Bradley Anstis, vice president of technology strategy at M86 Security. "However, the first half of 2010 has also seen the emergence of new, advanced methods -- as seen in the new combined attacks. Cybercriminals continue to try and outsmart even the latest Internet security protection mechanisms."
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.