Asprox botnet
The Asprox botnet, also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites in order to spread malware.

Operations

Since its discovery in 2008 the Asprox botnet has been involved in multiple high-profile attacks on various websites in order to spread malware. The botnet itself consists of roughly 15,000 infected computers as of May, 2008, although the size of the botnet itself is highly variable as the controllers of the botnet have been known to deliberately shrink (and later regrow) their botnet in order to prevent more aggressive countermeasures from the IT Community.

The botnet propagates itself in a somewhat unusual way, as it actively searches for and infects vulnerable websites running Active Server Pages. Once it finds a potential target, the botnet performs a SQL injection on the website, inserting an IFrame which redirects the user visiting the site to a site hosting malware.
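
Because the injected IFrame ends up in content the site serves from its database, a site owner can audit stored text for IFrames that point off-site. The following is an added example, not part of the original article; the table and column names, host names and sample rows are constructed, and it assumes the stored values have already been exported as (table, column, key, text) tuples.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in an HTML fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...> matches.
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")

def foreign_iframes(fragment, allowed_hosts):
    """Return iframe src values whose host is not in allowed_hosts."""
    parser = IframeCollector()
    parser.feed(fragment)
    parser.close()
    flagged = []
    for src in parser.sources:
        try:
            host = (urlparse(src.strip()).hostname or "").lower()
        except ValueError:
            flagged.append(src)  # unparsable URL: report for manual review
            continue
        # Relative URLs have no host and stay on the site itself.
        if host and host not in allowed_hosts:
            flagged.append(src)
    return flagged

def audit_rows(rows, allowed_hosts):
    """Return one finding per stored value that embeds a foreign iframe."""
    findings = []
    for table, column, key, text in rows:
        hits = foreign_iframes(text or "", allowed_hosts)
        if hits:
            findings.append((table, column, key, hits))
    return findings

# Constructed sample rows (not taken from any real incident).
SAMPLE_ROWS = [
    ("products", "description", 1, "Blue widget, 10 cm"),
    ("products", "description", 2,
     'Red widget<iframe src="http://malware.example/x" width=0 height=0></iframe>'),
    ("news", "body", 7, '<iframe src="/video/embed/7"></iframe>'),
    ("news", "body", 8, '<IFRAME SRC="//cdn.shop.example/player"></IFRAME>'),
]
ALLOWED = {"www.shop.example", "cdn.shop.example"}
```

Calling `audit_rows(SAMPLE_ROWS, ALLOWED)` reports only the second products row; the relative embed and the allow-listed CDN host pass.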

The botnet usually attacks in waves; the goal of each wave is to infect as many websites as possible, thus achieving the highest possible spread rate. Once a wave is completed, the botnet lies dormant for an extended amount of time, likely to prevent aggressive counterreactions from the security community. The initial wave took place in July 2008 and infected an estimated 1,000 - 2,000 pages. An additional wave took place in October 2009, infecting an unknown number of websites. Another wave took place in June 2010, increasing the estimated total number of infected domains from 2,000 to an estimated 10,000 - 13,000 within a day.

Notable high-profile infections

While the infection targets of the Asprox botnet are randomly determined through Google searches, some high-profile websites have been infected in the past. Some of these infections have received individual coverage.
  • Sony Playstation U.S.
  • Adobe's Serious Magic website
  • Several government, healthcare and business related websites
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.