TrendLabs recently published a research paper [PDF file] providing a detailed look at the Asprox botnet, which delivers malware via spam e-mails that claim to come from package delivery companies like FedEx, DHL, and the U.S. Postal Service.
“While Asprox has only been mentioned sporadically in the past few years, other spam campaigns with similar tactics as well as fake ticket scams using well-known airlines like Delta and American Airlines have received significant attention,” TrendLabs senior threat researcher Nart Villeneuve wrote in a blog post.
“Trend Micro said that Asprox has been upgraded to make it more effective … The botnet operators can upload new ‘modules’ to Asprox-infected machines via encrypted updates,” writes Computerworld’s Jeremy Kirk. “The modules include spam templates, lists of websites to scan for vulnerabilities and functions that can decode credentials for FTP clients and email applications.”
“In addition to spreading malware through phishing emails, the botnet — first detected in 2007 and which has morphed over the years — also skirts detection by using RC4 encryption and legitimate email accounts to spam other users,” writes SC Magazine’s Danielle Walker.
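As an added illustration (not code from the TrendLabs paper or from any of the reports quoted above), the Python below shows why an RC4-encrypted module update slips past a plain byte signature, and the two things a detection pipeline does about it: flag blobs whose entropy looks like ciphertext, and re-scan after decrypting with keys recovered from a bot sample. The key `UPDATE_KEY`, the spam template, the signature string and the function names are all constructed for this example; Asprox's real key, update format and templates are not given on this page.

```python
"""RC4 versus byte signatures: constructed demonstration, not Asprox's code.

The key, the 'module' payload and the signature below are made up for the
example; nothing here is taken from the botnet or from the TrendLabs paper.
"""
import math
from collections import Counter


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 encrypt/decrypt (symmetric: apply twice with the same key to recover)."""
    # Key-scheduling algorithm (KSA): permute the 256-byte state with the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    # Pseudo-random generation algorithm (PRGA): keystream XORed onto the data.
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. English text sits around 4-5; RC4 output approaches 8."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


# Constructed sample 'module': a delivery-scam spam template of the kind the
# roundup describes. Not an actual Asprox template.
MODULE_PLAINTEXT = (
    b"Subject: FedEx Shipment Notification\r\n"
    b"Your package could not be delivered. Print the attached label.\r\n"
) * 4
SIGNATURE = b"FedEx Shipment Notification"   # constructed content signature
UPDATE_KEY = b"constructed-key"               # hypothetical key, not a real one


def signature_hits(blob: bytes, signature: bytes = SIGNATURE) -> bool:
    """Naive content signature: do the literal bytes occur in the blob?"""
    return signature in blob


def scan_update(blob: bytes, candidate_keys=(UPDATE_KEY,)) -> dict:
    """Inspect an update blob the way a detection pipeline might:
    1. raw signature match (defeated by RC4 ciphertext),
    2. entropy heuristic (flags 'looks encrypted' even without a key),
    3. decrypt with each known key and re-scan.
    Returns which stage produced a hit and the key that worked, if any.
    """
    result = {
        "raw_hit": signature_hits(blob),
        "entropy": shannon_entropy(blob),
        "decrypted_hit": False,
        "key": None,
    }
    for key in candidate_keys:
        if signature_hits(rc4(key, blob)):
            result["decrypted_hit"] = True
            result["key"] = key
            break
    return result


if __name__ == "__main__":
    encrypted = rc4(UPDATE_KEY, MODULE_PLAINTEXT)
    print("plaintext entropy : %.2f" % shannon_entropy(MODULE_PLAINTEXT))
    print("ciphertext entropy: %.2f" % shannon_entropy(encrypted))
    print(scan_update(encrypted))
```

The entropy check is only a triage signal (compressed or packed files score high too); the decrypt-and-rescan stage is what actually restores visibility, which is why recovering the update key from a bot sample matters more than any signature on the wire.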