What Happened to You, Asprox Botnet?
Last Updated: 2015-03-08 05:10:09 UTC
by Brad Duncan (Version: 1)
Earlier this year, @Techhelplistcom reported the spam and landing site infrastructure used to spread Asprox malware switched to porn-related URLs. This started back in mid-January 2015, and I still haven't seen much about it in the open press. Since then, this infrastructure has continued spreading links to pornography or diet-related scams.
What happened to you, Asprox botnet? Are you only spreading spam, now?
The Asprox botnet first emerged in 2007. This botnet sent a large amount of spam over the years, including malicious spam (malspam) containing malware designed to infect a user's computer, making it part of the Asprox botnet.
This malspam had malicious zip file attachments, or it had links pointing to compromised servers hosting the malware.
Shown above: an Asprox botnet email with a malware attachment.
Shown above: an Asprox botnet email with a link to the malware.
Sites like techhelplist.com have plenty of examples of Asprox emails. In the absence of anything interesting, I could always find an email from the Asprox botnet and analyze some familiar malware. That’s not the case now. This seems to be the end of an era, at least for the malware spam.
I’ve included some images below from the Asprox botnet emails I've collected over the past few months. Consider this an “Asprox botnet greatest hits” collection. Like many greatest hits compilations, I'm sure people will find their favorites missing from this collection. Feel free to share any stories you have about these Asprox emails.
Brad Duncan, Security Researcher at Rackspace
Blog: www.malware-traffic-analysis.net - Twitter: @malware_traffic