Asprox botnet

{{Short description|Computer malware}}

The Asprox botnet (discovered around 2008), also known by its aliases Badsrc and Aseljo, is a botnet mostly involved in phishing scams and performing SQL injections into websites to spread malware.<ref>{{cite web|url=https://www.theregister.co.uk/2009/02/03/conficker_arbor_analysis/ |title=ASProx botnet dials into Conficker domains |first=John |last=Leyden |work=.theregister.co.uk |publisher=The Register |location=London, UK |date=2009-02-03 |accessdate=2014-01-09}}</ref> It is highly infectious malware that spreads through email or through cloned websites, and it can be used to track any kind of personal or financial information and online activity.<ref>{{cite web|url=https://www.pcworld.com/article/2969492/asprox-botnet-a-longrunning-nuisance-disappears.html |title=Asprox botnet, a long-running nuisance, disappears}}</ref><ref>{{cite web|url=https://community.mcafee.com/t5/Consumer-General-Discussions/Elaborate-Scam/td-p/589738 |title=Re: Elaborate Scam}}</ref>

== Operations ==

Since its discovery in 2008 the Asprox botnet has been involved in multiple high-profile attacks on various websites in order to spread malware. The botnet itself consisted of roughly 15,000 infected computers as of May 2008,<ref>{{cite web|url=https://www.theregister.co.uk/2008/05/14/asprox_attacks_websites |title=Botnet sics zombie soldiers on gimpy websites; More SQL injection insanity |first=Dan |last=Goodin |work=.theregister.co.uk |publisher=The Register |location=London, UK |date=2008-05-14 |accessdate=2014-01-09}}</ref> although its size is highly variable, as the controllers of the botnet have been known to deliberately shrink (and later regrow) it to prevent more aggressive countermeasures from the IT community.<ref>{{cite web|last=Hines |first=Matthew |url=http://securitywatch.eweek.com/botnets/asprox_botnet_attacks_come_back.html |title=Botnets – Asprox Botnet Attacks Come Back – eWeek Security Watch |publisher=Securitywatch.eweek.com |date=2009-10-06 |accessdate=2010-07-30}}</ref>

The botnet propagates in a somewhat unusual way: it actively searches for and infects vulnerable websites running Active Server Pages. Once it finds a potential target, the botnet performs an SQL injection against the website, inserting an IFrame that redirects visitors of the site to a site hosting malware.<ref>{{cite web|author=Michael Zino|url=http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx|title=ASCII Encoded/Binary String Automated SQL Injection Attack|publisher=bloombit.com|date=2008-05-01|access-date=2011-03-21|archive-url=https://web.archive.org/web/20080601094431/http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx|archive-date=2008-06-01|url-status=dead}}</ref>
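The injected-IFrame mechanism described above has two defensive counterparts: the stored content of a site can be scanned for frames that point off-site or are hidden, and the database queries behind the pages can be parameterized so that request input never reaches the SQL engine as SQL text. The following Python example is added here to illustrate both; it is not code from the article or from any Asprox analysis. The hostname `www.example-shop.test`, the `malware-host.invalid` address and the table rows are constructed sample data, and the `news` table is an assumed stand-in for whatever content table a site stores.

```python
"""Find injected IFrames in stored page content and show parameterized lookups.

Constructed example for illustration; the hosts and rows below are made up.
"""
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the site legitimately frames content from.
TRUSTED_HOSTS = {"www.example-shop.test"}


class IFrameCollector(HTMLParser):
    """Collect (src, attributes) for every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            attr_map = {name.lower(): (value or "") for name, value in attrs}
            self.frames.append((attr_map.get("src", ""), attr_map))


def suspicious_iframes(html, trusted_hosts=TRUSTED_HOSTS):
    """Return src values of iframes that point off-site or are visually hidden.

    A frame is flagged when its host is not in trusted_hosts, when it is sized
    to zero, or when its inline style hides it; relative srcs count as on-site.
    """
    parser = IFrameCollector()
    parser.feed(html)
    flagged = []
    for src, attrs in parser.frames:
        host = urlparse(src).hostname
        off_site = host is not None and host.lower() not in trusted_hosts
        zero_sized = attrs.get("width") == "0" or attrs.get("height") == "0"
        style = attrs.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if off_site or zero_sized or hidden:
            flagged.append(src)
    return flagged


def build_store():
    """Create an in-memory content table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, body TEXT)")
    rows = [
        "<p>Welcome to our store.</p>",
        # Row 2 carries a zero-sized frame to an outside host: the pattern to catch.
        '<p>Sale ends Friday.</p><iframe src="http://malware-host.invalid/x.php" '
        'width="0" height="0"></iframe>',
        # Row 3 frames the site's own map page: legitimate.
        '<p>Map</p><iframe src="https://www.example-shop.test/map"></iframe>',
    ]
    conn.executemany("INSERT INTO news (body) VALUES (?)", [(r,) for r in rows])
    return conn


def scan_store(conn):
    """Return {row_id: [flagged srcs]} for rows whose body carries a suspect frame."""
    findings = {}
    for row_id, body in conn.execute("SELECT id, body FROM news"):
        hits = suspicious_iframes(body)
        if hits:
            findings[row_id] = hits
    return findings


def lookup_news(conn, news_id):
    """Parameterized lookup: news_id is bound as a value, never spliced into SQL."""
    row = conn.execute("SELECT body FROM news WHERE id = ?", (news_id,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    store = build_store()
    print(scan_store(store))        # {2: ['http://malware-host.invalid/x.php']}
    print(lookup_news(store, 1))    # <p>Welcome to our store.</p>
```

Running the scan over the content table rather than over served pages matters because the injection lands in the database: every page that renders the affected column will carry the frame, so the table is the place to find and clean it. The parameterized lookup is the corresponding mitigation; a non-numeric value bound to the `id` placeholder simply matches no row.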

The botnet usually attacks in waves; the goal of each wave is to infect as many websites as possible, thus achieving the highest possible spread rate. Once a wave is completed, the botnet lies dormant for an extended period, likely to prevent aggressive counterreactions from the security community. The initial wave took place in July 2008 and infected an estimated 1,000 – 2,000 pages.<ref>{{cite web |author=Sue Marquette Poremba |url=http://www.scmagazineus.com/asprox-botnet-malware-morphs/article/110169/ |title=Asprox botnet malware morphs |publisher=SC Magazine US |date=2008-05-15 |accessdate=2010-07-30 |archiveurl=https://web.archive.org/web/20100701031546/http://www.scmagazineus.com/asprox-botnet-malware-morphs/article/110169/ |archivedate=1 July 2010 |url-status=dead }}</ref><ref>{{cite web|url=http://cyberinsecure.com/asprox-botnet-mass-attack-hits-governmental-healthcare-and-top-business-websites/ |title=Asprox Botnet Mass Attack Hits Governmental, Healthcare, and Top Business Websites |publisher=CyberInsecure.com |date=2008-07-18 |accessdate=2010-07-30}}</ref> An additional wave took place in October 2009, infecting an unknown number of websites. Another wave took place in June 2010, increasing the estimated total number of infected domains from 2,000 to an estimated 10,000 – 13,000 within a day.<ref>{{cite web|author=David Neal |url=http://www.v3.co.uk/v3/news/2265398/asprox-spambot-digging |title=Asprox botnet causing serious concern - V3.co.uk - formerly vnunet.com |publisher=V3.co.uk |accessdate=2010-07-30| archiveurl= https://web.archive.org/web/20100701025253/http://www.v3.co.uk/v3/news/2265398/asprox-spambot-digging| archivedate= 1 July 2010 | url-status= live}}</ref><ref>{{cite web|url=http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=225800197 |title=Researchers: Asprox Botnet Is Resurging – botnets/Attacks |date=15 July 2010 |publisher=DarkReading |accessdate=2010-07-30| archiveurl= https://web.archive.org/web/20100719101326/http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=225800197| archivedate= 19 July 2010 | url-status= live}}</ref><ref>{{cite web|url=http://www.m86security.com/documents/pdfs/security_labs/m86_security_labs_report_1H2010.pdf |title=Papers | SpiderLabs | About Us | Trustwave |publisher=M86security.com |date=2008-10-29 |accessdate=2014-01-09 |url-status=dead |archiveurl=https://web.archive.org/web/20120410141306/http://www.m86security.com/documents/pdfs/security_labs/m86_security_labs_report_1H2010.pdf |archivedate=2012-04-10 }}</ref>

== Notable high-profile infections ==

While the infection targets of the Asprox botnet are randomly determined through Google searches, some high-profile websites have been infected in the past. Some of these infections have received individual coverage.

* Sony PlayStation U.S.<ref>{{cite web|url=http://www.zdnet.com/blog/security/sony-playstations-site-sql-injected-redirecting-to-rogue-security-software/1394 |title=Sony PlayStation's site SQL injected, redirecting to rogue security software |publisher=ZDNet |date=2008-07-02 |access-date=2010-07-30| archive-url= https://web.archive.org/web/20100812025957/http://www.zdnet.com/blog/security/sony-playstations-site-sql-injected-redirecting-to-rogue-security-software/1394| archive-date= 12 August 2010 | url-status= dead}}</ref>
* Adobe's Serious Magic website<ref>{{cite web|url=http://www.zdnet.com/blog/security/adobes-serious-magic-site-sql-injected-by-asprox-botnet/2039 |title=Adobe's Serious Magic site SQL Injected by Asprox botnet |publisher=ZDNet |access-date=2010-07-30| archive-url= https://web.archive.org/web/20100805070832/http://www.zdnet.com/blog/security/adobes-serious-magic-site-sql-injected-by-asprox-botnet/2039| archive-date= 5 August 2010 | url-status= dead}}</ref>
* Several government, healthcare and business related websites

== See also ==

== References ==

{{reflist|2}}

{{Botnets}}

{{Hacking in the 2000s}}

{{DEFAULTSORT:Asprox Botnet}}

[[Category:Internet security]]
[[Category:Distributed computing projects]]
[[Category:Spamming]]
[[Category:Botnets]]

{{Malware-stub}}