
Trojan.Asprox

Posted: May 2, 2011

Asprox is a global botnet that delivers PC threats in several ways, most prominently through spam e-mail and by scanning for websites that run vulnerable software. Even though Asprox is several years old, its multi-component design and a series of regular updates have allowed it to remain an active and viable threat to even the most modern PCs. Since the latest Asprox activity is closely linked to the distribution of rogue anti-virus software, you should be suspicious of any unfamiliar brand of security software that appears on your computer after a potential Asprox attack. Genuine anti-malware software can remove malware installed by Asprox, and SpywareRemove.com malware researchers also recommend that website admins keep an eye on their site code so that Asprox-related hacks can't turn their domains into impromptu scamware-distribution points.

Asprox: Two Ways into Your Computer with a Fake AV Brand

E-mail spam is one of the most popular methods of distributing malware, and the Asprox botnet relies on it heavily to infect new computers. Instead of using new e-mail addresses, Asprox spam is sent from preexisting addresses that have been hijacked from their original users, in some cases without the victims even being aware of these attacks. This allows Asprox's e-mail spam to circumvent basic spam filters. File attachments and links in Asprox-sent e-mail messages can infect your PC with multiple types of malware, including both Asprox itself and related PC threats such as rogue anti-virus scanners.

SpywareRemove.com malware experts also have had an eye on a secondary means of Asprox attacks: vulnerable websites. Asprox scans for websites running software with vulnerabilities that can be exploited to compromise them. Malicious code injected into these sites forces the web browsers of any visitors to load harmful content, such as redirects to the G01pack Exploit Kit, which can install Asprox and related PC threats.

Besides Asprox's basic botnet functions, which allow criminals to access and control your PC in order to launch additional criminal activities, Asprox also is known for installing rogue anti-virus programs. Such scamware products typically display fake system warnings, inaccurate virus scans and similar fraudulent security features. Their ultimate goal is to pressure their victims into paying a registration fee, which SpywareRemove.com malware researchers urgently emphasize is never beneficial for you or your computer.

Preventing Asprox's Scamware Dissemination Campaign from Getting to Your PC... or Your Site

Blocking Asprox's website-hacking attacks requires that website administrators regularly maintain their sites and double-check the underlying code for malicious additions (such as Java redirects). SpywareRemove.com malware experts particularly recommend updating any website management software that's in use, since keeping that software current is one of the easiest ways of reducing the vulnerabilities that Asprox and similar PC threats can exploit.

With regard to e-mail security, SpywareRemove.com malware researchers recommend that you scan any file attachments or links with suitable security software, even if they seem to have been sent by a source that you trust. Spambot attacks like Asprox's can launch without the consent or awareness of the users of Asprox-compromised e-mail accounts. Provided they're allowed to run in the first place, your anti-malware programs shouldn't have any trouble removing fake anti-virus software installed by Asprox.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\aspimgr.exe
    2 %System%\document.doc
    3 %Temp%\_check32.bat
    4 %Windir%\s32.txt
    5 %Windir%\ws386.ini

Registry Modifications

  • The following Registry entries were created:
    Subkeys:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\IP
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Options
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\RTF
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Settings
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Text
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Word6
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Write
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft
    Registry Keys:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aspimgr\Security
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASPIMGR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASPIMGR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aspimgr
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aspimgr\Security
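The file and Registry listings above are the practical take-away of this entry, so here is a read-only triage script that checks a Windows host for exactly those artifacts. It is an added example, not code from SpywareRemove.com or from Asprox itself: it expands the %System%, %Temp% and %Windir% placeholders used in the file list, reports size, timestamp and SHA-256 for any listed file it finds, and reports the listed service and enumeration keys together with the ImagePath of the aspimgr service. Two practitioner caveats are built in: the Wordpad Applets keys are left out of the indicator set because WordPad creates them itself whenever it runs, so their presence proves nothing on its own, and RunOnce is a legitimate key, so the script lists what it will launch rather than flagging its existence. The CurrentControlSet check is an assumption added here; the entry lists only ControlSet001 and ControlSet002.

```powershell
# Added triage script (not from the SpywareRemove.com entry or from Asprox):
# read-only check for the file and Registry artifacts listed above.
# It reports and never deletes. Run from an elevated PowerShell prompt so
# the HKLM service keys are readable.

# The listing uses %System%, %Temp% and %Windir% placeholders; expand them.
$systemDir = [Environment]::GetFolderPath('System')   # usually C:\Windows\System32
$windir    = $env:windir
$tempDir   = $env:TEMP

# File artifacts, exactly as the entry lists them.
$fileArtifacts = @(
    (Join-Path $systemDir 'aspimgr.exe'),
    (Join-Path $systemDir 'document.doc'),
    (Join-Path $tempDir   '_check32.bat'),
    (Join-Path $windir    's32.txt'),
    (Join-Path $windir    'ws386.ini')
)

# Registry keys from the entry. The Wordpad Applets keys are omitted on purpose:
# WordPad itself creates them whenever it runs, so they are not a usable indicator.
$registryArtifacts = @(
    'HKLM:\SOFTWARE\Microsoft\Sft',
    'HKLM:\SYSTEM\ControlSet001\Enum\Root\LEGACY_ASPIMGR',
    'HKLM:\SYSTEM\ControlSet001\Services\aspimgr',
    'HKLM:\SYSTEM\ControlSet002\Enum\Root\LEGACY_ASPIMGR',
    'HKLM:\SYSTEM\ControlSet002\Services\aspimgr',
    # Assumption added here: the live control set is worth checking too.
    'HKLM:\SYSTEM\CurrentControlSet\Services\aspimgr'
)

$findings = New-Object System.Collections.Generic.List[object]

foreach ($path in $fileArtifacts) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item   = Get-Item -LiteralPath $path
        $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings.Add([pscustomobject]@{
            Kind   = 'File'
            Path   = $path
            Detail = "size=$($item.Length) modified=$($item.LastWriteTimeUtc.ToString('u')) sha256=$sha256"
        })
    }
}

foreach ($key in $registryArtifacts) {
    if (Test-Path -LiteralPath $key) {
        $detail = ''
        # For service keys, ImagePath names the binary the service loads.
        $imagePath = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
        if ($imagePath) { $detail = "ImagePath=$imagePath" }
        $findings.Add([pscustomobject]@{ Kind = 'RegistryKey'; Path = $key; Detail = $detail })
    }
}

# The entry lists HKCU\...\RunOnce among the touched keys. RunOnce is legitimate,
# so instead of flagging its existence, show what it will launch at next logon.
$runOnce = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path -LiteralPath $runOnce) {
    $values = Get-ItemProperty -LiteralPath $runOnce | Select-Object -Property * -ExcludeProperty PS*
    foreach ($prop in $values.PSObject.Properties) {
        $findings.Add([pscustomobject]@{
            Kind   = 'RunOnceValue'
            Path   = "$runOnce\$($prop.Name)"
            Detail = $prop.Value
        })
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the listed Asprox file or Registry artifacts were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Treat any hit on aspimgr.exe or the aspimgr service key as a reason to isolate the host and run a full anti-malware scan; the hash and ImagePath the script prints are what you would pass on to whoever investigates further.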