The Asprox Botnet Is Yet to Reach Its Peak This Holiday Season
If a delivery confirmation lands in your email inbox these days, make sure it was sent from a legitimate source, especially if you are not expecting any deliveries. Many scammers use the holiday season to spread messages carrying malware and other malicious software.
What Does Asprox Botnet Do
Emails about deliveries are among the most common during the holiday season, and that is exactly what the Asprox botnet operators count on. The crooks use the names of prominent US retailers as bait, placing them in the subject lines of the messages so that victims are less suspicious of a possible scam when they open them and click on the links the message contains. The links lead to Trojans that enter the computer and infect it with malware designed to search the machine for and steal credentials, bank account details and other personal information of the users. The campaign currently running uses the names of big brands such as Home Depot, CostCo, Alvo, Walmart, etc.
Asprox also includes a scanning module that looks for hacked or vulnerable websites and infects those with malware as well, so the campaign reaches a wider range of users. Visitors to such sites are exposed to the Trojans too.
According to a Malcovery blog post, the Asprox botnet campaign spreads two variants of the malware. One of the Trojans is sent as an attachment to an email message and the other as a link leading to a compromised website. Analysing both, researchers found that the two Asprox versions are hosted on two separate command and control (C&C) servers and that one of them is actually older than the other.
Beware of Email Delivery Messages
Although the email messages users receive appear to come from big and legitimate companies, users should be very careful before opening links from them. One of the main giveaways in such messages is that the sender and the retailer named in the subject are completely different. A user can receive a message, for example, with the subject “Walmart” while the sender's domain name contains “CostCo”, etc.
As it is only the beginning of the holiday season, researchers think that the Asprox botnet is yet to reach its peak. Cyber criminals know this and will try to use the season to its full potential.
Users are advised to be extremely cautious with shipping and delivery messages and not to open links straight from the body of the emails. If they want to visit such a link, it is highly advisable to type the address manually into a separate browser tab.
They should also avoid opening attachments from such messages, especially if they are not expecting any deliveries at all. Comparing the subject of the message with the sender's email domain is also essential for recognizing malicious emails.
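The subject-versus-sender check described above (a retailer named in the subject while the From: domain belongs to someone else) can be automated as a mail-filter rule. The following is an added example, not code from the original post or from Malcovery; the retailer watch-list and the sample headers are constructed for illustration.

```python
# Added example (not from the original post): flag delivery-themed emails whose
# subject names one retailer while the sender's domain is not that retailer's.
from email.utils import parseaddr

# Constructed watch-list of impersonated retailers and their genuine domains;
# a real deployment would maintain its own list.
BRANDS = {
    "walmart": "walmart.com",
    "costco": "costco.com",
    "home depot": "homedepot.com",
}

DELIVERY_WORDS = ("delivery", "shipping", "shipment", "order", "package")


def sender_domain(from_header: str) -> str:
    """Return the lowercase domain of the address in a From: header."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def brands_in_subject(subject: str) -> set:
    """Watch-listed brands mentioned anywhere in the subject line."""
    s = subject.lower()
    return {b for b in BRANDS if b in s}


def check_message(from_header: str, subject: str) -> dict:
    """Classify one message. 'mismatch' means the subject names a retailer but
    the sender domain is neither that retailer's domain nor a subdomain of it
    (so look-alikes such as 'walmart.com.evil.example' are still flagged)."""
    domain = sender_domain(from_header)
    brands = brands_in_subject(subject)
    delivery = any(w in subject.lower() for w in DELIVERY_WORDS)
    mismatched = {b for b in brands
                  if not (domain == BRANDS[b] or domain.endswith("." + BRANDS[b]))}
    return {
        "domain": domain,
        "brands": sorted(brands),
        "delivery_theme": delivery,
        "mismatch": bool(mismatched),
        "suspicious": delivery and bool(mismatched),
    }


# Constructed sample headers modelled on the pattern the article describes.
SAMPLES = [
    ("Walmart Orders <orders@costco-shipping.example>", "Walmart: your delivery has been shipped"),
    ("Home Depot <noreply@homedepot.com>", "Your Home Depot order has shipped"),
    ("Friend <friend@example.org>", "Lunch tomorrow?"),
]


def flag_samples() -> list:
    """Return (subject, suspicious) for each constructed sample."""
    return [(s, check_message(f, s)["suspicious"]) for f, s in SAMPLES]
```

The rule is deliberately narrow: only a delivery-themed subject combined with a brand/domain mismatch is flagged, so genuine retailer mail and unrelated personal mail pass through.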