Title :
An Analysis of the Asprox Botnet
Author :
Borgaonkar, Ravishankar
Author_Institution :
Tech. Univ. of Berlin, Berlin, Germany
Abstract :
The presence of large pools of compromised computers, also known as botnets or zombie armies, represents a very serious threat to Internet security. This paper describes the architecture of a contemporary advanced bot commonly known as Asprox. Asprox is a type of malware that combines the two threat vectors of forming a botnet and of generating SQL injection attacks. The main features of the Asprox botnet are the use of a centralized command and control structure, HTTP based communication, use of advanced double fast-flux service networks, use of SQL injection attacks for recruiting new bots and social engineering tricks to spread malware binaries. The objective of this paper is to contribute to a deeper understanding of Asprox in particular and a better understanding of modern botnet designs in general. This knowledge can be used to develop more effective methods for detecting botnets and stopping the spreading of botnets on the Internet.
Keywords :
Internet; SQL; invasive software; Asprox botnet analysis; HTTP based communication; Internet security threat; SQL injection attack; advanced bot architecture; bot recruitment; botnet detection; double fast-flux service network; malware binary spreading; social engineering; zombie armies; Computer architecture; Computers; IP networks; Internet; Malware; Protocols; Servers; Asprox; Bot; Botnet; Fast-flux networks; Malware; SQL injection;
Conference_Title :
Emerging Security Information Systems and Technologies (SECURWARE), 2010 Fourth International Conference on
Conference_Location :
Venice
Print_ISBN :
978-1-4244-7517-9
Electronic_ISBN :
978-0-7695-4095-5
DOI :
10.1109/SECURWARE.2010.32