Viber users are the target of a new malicious campaign. They are tricked into accepting the Asprox botnet malware through a notification email claiming they have a missed call in Viber. The body of the message contains a link that claims to lead to a recorded audio message, along with the date and time the call was ‘missed’; the URL, however, points to a compromised web server.
The cyber criminals behind the Asprox Botnet Malware.
According to malware researchers, the operators behind the spread of the Asprox botnet malware are professionals, since they have taken special precautions to hide the malicious nature of their activity. These precautions include checking that the visitor runs Internet Explorer, verifying the visitor's IP address, and refusing multiple download attempts.
If all the requirements are met, the Trojan is downloaded to the device and, once launched, it automatically enrols the machine in the Asprox botnet. According to an analysis by Tech Help List, the malware contains five to ten IP addresses.
Asprox Botnet Malware used for various criminal activities.
In the beginning, the Asprox botnet malware was used to deliver huge amounts of spam. Later it was also used to steal credentials, to perform click fraud against online pay-per-click advertising, and more. Asprox has been in circulation since 2008, its size fluctuating as infected computers are cleaned up. The botnet is regularly rebuilt to reach a certain number of controlled systems, which are then used for various other criminal purposes.
Recently, Microsoft observed that the Asprox botnet delivered a version of the Upatre downloader to users. In another recent campaign, Asprox sent phishing emails disguised as urgent court notices from lawyers at Green Winick. In June, the Asprox botnet was also spotted delivering more than 10,000 spam emails a day, for a total of 500,000 malicious messages delivered to PC users.
The cyber criminals behind Asprox are using web servers that were compromised in the past to deliver the malware, which makes its detection very difficult.