Asprox Botnet Compromises Web Sites
Thursday May 15, 2008
A botnet is propagating in a worm-like fashion by infecting vulnerable web sites. Once a web site is compromised, it redirects visitors to download a malware package, which also includes the Asprox code. The Asprox code then seeks out new vulnerable web sites to compromise, and so continues to spread. Asprox uses SQL injection against vulnerable Active Server Pages to compromise weak sites. According to this report from The Register, the SQL injection attack has compromised about 1,000 web pages thus far, and only 4 of the 32 antivirus products tested were able to detect or identify the threat.

Comments
This virus took my site offline for 3 weeks and I had to seek an internet security company to fix my site.
It cost me £50 but well worth it after the hassle I have had!!
Hope this helps others:
http://www.firestorm-online.com/trojans/asprox/
More details on ASPROX, SQL Injections at:
http://chaptersinwebsecurity.blogspot.com/2008/07/asprox-silent-defacement.html
You can find download links for:
- Injector: tests for ASPROX vulnerability on websites
- dotDefender: protects web sites against ASPROX
Raviv