Unkillable nasty still climbs out of the grave to this day. The Asprox botnet was responsible for about 80 per cent of all attack sessions recorded during October 2014, impacting nearly 2,000 different organisations.
These figures, from a new report by Palo Alto Networks, provide evidence that the Asprox (AKA Kuluoz) malware family is continuing to plague businesses, despite multiple attempts to disrupt its infrastructure.
The Asprox botnet, which first surfaced around six years ago in 2008, has been linked to phishing scam messages as well as the distribution of secondary malware infections. The zombie network also acts as a platform for hack attacks. Asprox spreads through vulnerable websites, using SQL injections attacks to plant malicious code, rather than the more conventional approach of infecting client PCs. This tactic has made the zombie network more resistant and seems to have helped it to recover from numerous takedown efforts. Industries as varied as healthcare, retail and financial services are still getting mauled by elements of the zombie network.
Looking more widely, Palo Alto Networks’ Unit 42 research arm reports that e-mail (SMTP) and HTTP remain the primary channels for malware delivery. Retail and wholesale organisations received almost 28 per cent of malware over the web channel while hospitality firms received less than two per cent of badness via web channels.
Malware was delivered in over 50 distinct applications, 87 per cent of which was delivered over e-mail and 11.8 per cent through web browsing (HTTP). While these two channels account for the majority of malware attacks, it is important that organisations are able to identify malware in any application allowed in their network, according to Palo Alto.
