Asprox, a.k.a. Zortob, is an old botnet that was uncovered in 2007. It is known to spread by arriving as an attachment in spam emails that purport to be from well-known companies. The attachment itself is disguised as a legitimate document file by using icons such as those of a .doc or .pdf file.

Figure 1. Asprox malware posing as a Microsoft Word document.

This blog post will give an overview of Asprox's functionality with a focus on the changes in its communication with the command-and-control (C&C) server, including a new C&C command,...
by Long Tran  |  Jul 28, 2014  |  Filed in: Security Research
File infectors are malware that are capable of attaching themselves to executable files, e.g. "calc.exe" and "notepad.exe". When we run an infected file, we don't notice that "calc.exe" is infected, since it still shows the calculator running properly. But, behind the scenes, the malware is carrying out its malicious activities. In this post, we will look into Expiro. It is not a new file infector, but it comes back from time to time with a different punch.

Expiro's Characteristics

Usually, a file infector changes the entry point of the host file during...
by Raul Alvarez  |  Sep 02, 2013  |  Filed in: Security Research