Fugitif
19.05.2008, 22:45
Fast-Fluxing SQL injection attacks executed from the Asprox botnet by Dancho Danchev
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling and diversifying its campaigns from fake Windows updates, to fake Yahoo ecards, as well as executable news items. A botnet crunching out phishing emails and spam as usual? Depends on the momentum. Automating the process of SQL injecting a large number of sites is one thing, SQL injecting fast-fluxed domains is entirely another. Secureworks comments on the introduction of the SQL injection tool within the botnet :
http://blogs.zdnet.com/security/images/fast_flux_sql_injection_attacks3.JPG
More:
http://blogs.zdnet.com/security/?p=1122
The botnet masters behind the Asprox botnet have recently started SQL injecting fast-fluxed malicious domains in order to enjoy a decent tactical advantage in an attempt to increase the survivability of the malicious campaign. I first assessed the Asprox botnet in January, and again in April when it started scaling and diversifying its campaigns from fake Windows updates, to fake Yahoo ecards, as well as executable news items. A botnet crunching out phishing emails and spam as usual? Depends on the momentum. Automating the process of SQL injecting a large number of sites is one thing, SQL injecting fast-fluxed domains is entirely another. Secureworks comments on the introduction of the SQL injection tool within the botnet :
http://blogs.zdnet.com/security/images/fast_flux_sql_injection_attacks3.JPG
More:
http://blogs.zdnet.com/security/?p=1122