SEARCH RESULTS
 
Showing 1-10 of 17 records
 
Expand article

Asprox Phishing Campaigns Dominated in April

The Article has images
2008-05-27 06:38:48 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Asprox botnet, a botnet that despite being actively sending phishing emails for the last couple of months, received more publicity for its introduction of SQL injection capabilities, like the ones I've assessed in a previous post. The IPs in question 212.174.25.241 62.233.145.45 218.92.205.246 85.105.182.6 212.0.85.6 Where's the connection?...
 
Tags: asprox, botnet, asprox botnet, previous, previous months, historical domains, ips, months, domains
 
 
 
 
Expand article

Money Mule Recruiters use ASProx's Fast Fluxing Services

The Article has images
2008-07-18 06:23:49 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Asprox botnet, that is also providing hosting services for several hundred domains used on the last wave of SQL injection attacks. Ironically, the money mule recruitment site is sharing IPs with many of them. Who are these money launderers ( cashtransfers.tk ; cashtransfers.eu; type53.eu ; sid57.tk ; catdbw.mobi ; cdrpoex.com etc. ) anyway ...
 
Tags: fast, fast flux networks, money, fast-flux, cashtransfers, fast flux provider, fast flux spam, transfer money, fast-flux infrastructure
 
 
 
 
Expand article

Asprox Botnet Mass Attack Hits Governmental, Healthcare, and Top Business Websites

2008-07-19 01:43:41 by CyberInsecure in CyberInsecure.com
 
During the first two weeks of July 2008, Finjan detected over 1,000 unique Website domains that were compromised by Asprox toolkit attack. Each of the compromised domains included a reference to a malware that was served by over 160 different domains across the Internet. Since the list of these malware serving domains increases every day
 
Tags: unique website domains, domains, domains increases, asprox toolkit attack, malware, internet, finjan, july, reference
 
 
 
 
Expand article

What's Going on Between Asprox and Rock Phish?

2008-09-04 00:00:00 by RSA FraudAction Research Lab in Speaking of Security, the RSA Blog and Podcast
 
...Asprox Botnet, which has recently been spreading itself using surges of SQL injection attacks
 
Tags: rock phish, gang, gang decides, rock phish gang, infrastructure, botnet infrastructure, infrastructure belongs, infamous asprox botnet, decides
 
 
 
 
Expand article

News from the Rock Phish Gang

2008-09-10 07:47:38 by schneier in Schneier on Security
 
...Asprox. Most notably, the command and control server for the custom Rock Phish crimeware had exactly the same directory structure of many of the Asprox servers, leading RSA researchers to believe Rock Phish and Asprox attacks were using at least one common server. (Researchers from Damballa were able to confirm this finding after observing...
 
Tags: rock, rock phish, phishers, rock phishers, attacks, asprox attacks, asprox, rsa researchers, rsa
 
 
 
 
Expand article

Fast-Fluxing SQL Injection Attacks

The Article has images
2008-05-19 07:28:54 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...Asprox are converging tactics already, by fast-fluxing the SQL injected domains . Related URLs for this campaign banner82.com dll64.com aspx88.com bank11.net cookie68.com exportpe.net Read the complete assessment - Fast-Fluxing SQL Injection Attacks Executed from the Asprox Botnet , and go through previous posts related to the botnet as...
 
Tags: sql injection attacks, botnet, sql, asprox botnet, botnet masters, asprox, malware campaign, campaign, net
 
 
 
 
Expand article

Summarizing July's Threatscape

The Article has images
2008-08-01 16:08:24 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ASProx botnet - pretty interesting month indeed 01. Decrypting and Restoring GPcode Encrypted Files The GPcode authors read the news too, and are catching up with the major weaknesses pointed out in their previous release in order to come with a virtually unbreakable algorithm. And since more evidence of who's behind the GPcode ransomware...
 
Tags: malware, profitable malware operations, malware authors, malware tools, malware coder, malware kit, malware infection, neosploit malware kit, spam
 
 
 
 
Expand article

Compromised Cpanel Accounts For Sale

The Article has images
2008-08-18 10:42:50 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ASProx's Fast-flux Services Malware Domains Used in the SQL Injection Attacks Obfuscating Fast-fluxed SQL Injected Domains SQL Injecting Malicious Doorways to Serve Malware Yet Another Massive SQL Injection Spotted in the Wild Malware Domains Used in the SQL Injection Attacks SQL Injection Through Search Engines Reconnaissance Google Hacking...
 
Tags: sql, sql injections, sql injection attacks, massive sql injection, profile site, site, site sql, sql injection, tactic
 
 
 
 
Expand article

Managed Fast Flux Provider - Part Two

The Article has images
2008-10-02 12:39:01 by Dancho Danchev in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge
...ASProx's infected hosts as hosting infrastructure , and in November, 2007, an infamous spamming software vendor was also found to have been offering fast-flux services in the past In this most recent fast-flux service, we have a known spammer and botnet master that in between self-serving himself on is way to ensure his portfolio of scammy...
 
Tags: fast, fast flux provider, fast flux networks, recent fast-flux service, powerful control panel, control panel, virtual servers, multiple virtual servers, fast flux spam