We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Asprox botnet proves to be a resilient foe

Trend Micro checks up on Asprox, which has diversified into fake antivirus installs as well as spam

A botnet that has been in the eye of researchers for years continues to serve up malware, spam and fake antivirus software, according to research by Trend Micro.

The security vendor released a 30-page paper on Asprox, a long-running botnet first seen in 2007 that uses sophisticated engineering to flourish. Asprox seemed to have fallen off the security industry's radar, but it has continued to run spam campaigns spoofing brands such as FedEx, the U.S. Postal Service and American Airlines.

"While these activities continued to make the news, few were connected to the Asprox botnet," according to the report, authored by Nart Villeneuve, Jessa dela Torre and David Sancho. "Even fewer insights into the full botnet's operations were reported.

Asprox's spam campaigns are dual purpose since they also deliver malware through attachments and harmful links, which allows it to continue to grow and gain control of more computers. It also is linked to the "partnerkas," Russian affiliate programs where the botnet operators earn a fee for infecting new computers with fake antivirus software.

Asprox was one of several botnets affected by the shutdown in November 2008 of McColo, a California-based ISP that was providing network connectivity for cybercriminals. Worldwide spam levels dipped for a while, but Asprox and other botnets eventually bounced back.

Trend Micro said that Asprox has been upgraded to make it more effective. It now uses a variety of spam templates in different languages in order to maximize its range of victims.

To combat antispam reputation-based systems, Asprox uses legitimate but compromised email accounts. For malware distribution, Asprox is programmed to automatically scan websites in order to look for vulnerable ones to seed malware, the researchers wrote.

The botnet operators can upload new "modules" to Asprox-infected machines via encrypted updates. The modules include spam templates, lists of websites to scan for vulnerabilities and functions that can decode credentials for FTP clients and email applications.

North America appears to have the most Asprox-infected machines, followed by Europe, the Middle East and Africa, Trend said.

"Our research demonstrates that with modifications, even older, well-known threats can continue to effective," Trend wrote on its blog. "Moreover, it shows that spam botnets remain a crucial component of the malware ecosystem and that cybercriminals are always looking for new ways to adopt in response to defenses."

Send news tips and comments to [email protected] Follow me on Twitter: @jeremy_kirk


IDG UK Sites

Windows 10 launch event as it happened: Read our Windows 10 launch live blog - find out first as...

IDG UK Sites

Windows 9 and the death of the OS as a must-have product

IDG UK Sites

Video trends: 4K is here โ€“ HDR video, VR and 3D audio is coming

IDG UK Sites

Best iPhone 6, iPhone 6 Plus deals: iPhone 6, iPhone 6 Plus tariffs, contracts and prices UK