Tuesday, February 10, 2009

ASPROX Back with a Vengeance

So the SQL injection attacks have slowed down a bit, but the botnet is still very much alive and is now back running large-scale phishing and money mule scams designed to prey on jobless Americans.

Please read or watch the amazing ASPROX report by Dennis Brown of Verisign, given at Toorcon, for the latest on ASPROX anatomy.

If your website or your organization's website is a victim of ASPROX, please see our highly popular ASPROX Toolkit, which has recommendations on defense and post-compromise remediation.



Known currently active ASPROX domains:

Also being reported at:
http://www.matchent.com/wpress/?q=node/432
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090122
