Asprox botnet proves to be a resilient foe

Trend Micro checks up on Asprox, which has diversified into fake antivirus installs as well as spam

A botnet that has been in the eye of researchers for years continues to serve up malware, spam and fake antivirus software, according to research by Trend Micro.

The security vendor released a 30-page paper on Asprox, a long-running botnet first seen in 2007 that uses sophisticated engineering to flourish. Asprox seemed to have fallen off the security industry's radar, but it has continued to run spam campaigns spoofing brands such as FedEx, the U.S. Postal Service and American Airlines.

"While these activities continued to make the news, few were connected to the Asprox botnet," according to the report, authored by Nart Villeneuve, Jessa dela Torre and David Sancho. "Even fewer insights into the full botnet's operations were reported.

Asprox's spam campaigns are dual purpose since they also deliver malware through attachments and harmful links, which allows it to continue to grow and gain control of more computers. It also is linked to the "partnerkas," Russian affiliate programs where the botnet operators earn a fee for infecting new computers with fake antivirus software.

Asprox was one of several botnets affected by the shutdown in November 2008 of McColo, a California-based ISP that was providing network connectivity for cybercriminals. Worldwide spam levels dipped for a while, but Asprox and other botnets eventually bounced back.

Trend Micro said that Asprox has been upgraded to make it more effective. It now uses a variety of spam templates in different languages in order to maximize its range of victims.

To combat antispam reputation-based systems, Asprox uses legitimate but compromised email accounts. For malware distribution, Asprox is programmed to automatically scan websites in order to look for vulnerable ones to seed malware, the researchers wrote.

The botnet operators can upload new "modules" to Asprox-infected machines via encrypted updates. The modules include spam templates, lists of websites to scan for vulnerabilities and functions that can decode credentials for FTP clients and email applications.

North America appears to have the most Asprox-infected machines, followed by Europe, the Middle East and Africa, Trend said.

"Our research demonstrates that with modifications, even older, well-known threats can continue to effective," Trend wrote on its blog. "Moreover, it shows that spam botnets remain a crucial component of the malware ecosystem and that cybercriminals are always looking for new ways to adopt in response to defenses."

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags securitytrend micromalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest News Articles

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?