What Happened to You, Asprox Botnet? (Sun, Mar 8th)

2015-03-08 02:45

Earlier this year, @Techhelplistcom reported that the spam and landing site infrastructure used to spread Asprox malware had switched to porn-related URLs [1]. This started back in mid-January 2015, and I still haven't seen much about it in the open press. Since then, this infrastructure has continued spreading links to pornography or diet-related scams [2] [3].

We're still seeing the malicious emails with the same type of subject lines, but these typically have a zip file attachment with a JavaScript file (.js) inside. The image below contains an example of the malicious spam I've seen with fake toll road debt subject lines. These all have zip attachments containing .js files. This spam is Asprox-like in subject matter, but the malware is different from what we've previously seen with the Asprox botnet. I've asked a few other people about this. From what I can tell, no one yet
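The zip-with-a-.js-inside pattern described above is easy to check for on the mail gateway or in a triage script. The Python below is an added example, not code from the diary or from ISC: it builds a constructed sample message (the subject, addresses, file names and the harmless placeholder script are all made up for the demonstration, not captured data), then inspects every zip attachment for script-type members. The list of extensions beyond .js is my own generalization of the pattern; the diary only mentions .js.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# The diary describes a .js inside a .zip. The other Windows Script Host
# extensions are added here as a common generalization (assumption, not
# something the diary reports).
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta")


def build_sample_malspam() -> bytes:
    """Constructed sample, not a real captured email: a fake toll-road
    debt notice carrying a zip whose single entry is a .js file."""
    js_body = b"// constructed placeholder, not real malware\nWScript.Echo('x');\n"
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("toll_invoice_0315.js", js_body)

    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"          # constructed
    msg["To"] = "victim@example.invalid"             # constructed
    msg["Subject"] = "Indebtedness for driving on toll road #0000"  # constructed
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(zip_buf.getvalue(), maintype="application",
                       subtype="zip", filename="toll_invoice_0315.zip")
    return msg.as_bytes()


def find_script_in_zip_attachments(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment filename, archive member) pairs for every
    script-type file found inside a zip attachment.

    Attachments that are not zips (no 'PK' magic) or that fail to parse
    are skipped rather than raising, so one bad part cannot abort a scan
    over a whole mailbox.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits: list[tuple[str, str]] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True)
        if not payload or not payload.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(SCRIPT_EXTENSIONS):
                        hits.append((name, member))
        except zipfile.BadZipFile:
            continue
    return hits


if __name__ == "__main__":
    for attachment, member in find_script_in_zip_attachments(build_sample_malspam()):
        print(f"script inside zip attachment: {attachment} -> {member}")
```

Matching on the member name only is deliberately cheap; it flags the delivery vehicle the diary describes without opening the script. Anything it flags still needs to be detonated or read by hand to say what the payload actually is.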

What happened to you, Asprox botnet? Are you only spreading spam, now?

The Asprox botnet first emerged in 2007 [4]. This botnet sent a large amount of spam over the years, including malicious spam (malspam) containing malware designed to infect a user's computer, making it part of the Asprox botnet.

This malspam had malicious zip file attachments, or it had links pointing to compromised servers hosting the malware.

Shown above: an Asprox botnet email with a link to the malware.

Sites like techhelplist.com have plenty of examples of Asprox emails [5]. In the absence of anything interesting, I could always find an email from the Asprox botnet and analyze some familiar malware. That's not the case now. This seems to be the end of an era, at least for the malware spam [6].

I've included some images below from the Asprox botnet emails I've collected over the past few months. Consider this an Asprox botnet greatest hits collection. Like many greatest hits compilations, I'm sure people will find their favorites missing from this collection.


Brad Duncan, Security Researcher at Rackspace
Blog: www.malware-traffic-analysis.net - Twitter: @malware_traffic


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


