DocumentCode
3050754
Title
An Analysis of the Asprox Botnet
Author
Borgaonkar, Ravishankar
Author_Institution
Tech. Univ. of Berlin, Berlin, Germany
fYear
2010
fDate
18-25 July 2010
Firstpage
148
Lastpage
153
Abstract
The presence of large pools of compromised computers, also known as botnets or zombie armies, represents a very serious threat to Internet security. This paper describes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines the two threat vectors of forming a botnet and of generating SQL injection attacks. The main features of the Asprox botnet are the use of a centralized command and control structure, HTTP-based communication, the use of advanced double fast-flux service networks, the use of SQL injection attacks for recruiting new bots, and social engineering tricks to spread malware binaries. The objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern botnet designs in general. This knowledge can be used to develop more effective methods for detecting botnets and stopping the spread of botnets on the Internet.
Keywords
Internet; SQL; invasive software; Asprox botnet analysis; HTTP based communication; Internet security threat; SQL injection attack; advanced bot architecture; bot recruitment; botnet detection; double fast-flux service network; malware binary spreading; social engineering; zombie armies; Computer architecture; Computers; IP networks; Internet; Malware; Protocols; Servers; Asprox; Bot; Botnet; Fast-flux networks; Malware; SQL injection;
fLanguage
English
Publisher
ieee
Conference_Titel
Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
Conference_Location
Venice
Print_ISBN
978-1-4244-7517-9
Electronic_ISBN
978-0-7695-4095-5
Type
conf
DOI
10.1109/SECURWARE.2010.32
Filename
5633693