In association with heise online

15 May 2008, 11:34

Asprox botnet now equipped with SQL injection tool

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

SecureWorks report that the Asprox botnet is being updated with a binary called msscntr32.exe. This turns out to be an automated SQL injection tool. Masquerading as a "Microsoft Security Center Extension", the tool searches Google for flaws in .asp pages and injects an iframe into the pages that forces visitors to download malicious JavaScript from, a domain with a very questionable Whois record registered on May 7 2008, containing the details

Name: norman Company: zevs Address: gellion 13-13 City: Error State: 3562 Country: AU Zip: 123456 Tel No: 749 7983456 Fax No: Email:

which, however, genuinely appears to have been registered from Australia, as "gellion" is a little-known street name in Roxburgh Park, Melbourne.

The link ultimately redirects to a server that, according to the report, attempts to propagate Danmec, Asprox and the SQL injection tool. SecureWorks noted that only Asprox is capable of propagating the malware. The target server was down when tested by SecureWorks.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit