The AspRox Trojan first appeared as a phishing Trojan, but a recent update pushed to infected computers revealed an entirely new make-up for this online malbot.
Once installed on an infected computer, the Trojan starts sending ASCII-encoded HTTP GET requests to vulnerable websites written in ASP, via a backdoor on the user's machine. These malicious requests contain a hex-encoded T-SQL script. The script attempts to connect to the website's database, where it creates a table cursor to browse through the table columns. It retrieves all data from specific VARCHAR fields in all tables found, then assigns its own value to the current values (in this case a JavaScript file) and performs an update on the database.
The result for affected sites is the inclusion of the malicious JavaScript file in all the fields described. Any data retrieved from those fields onto the website's pages then causes the file to run on the website user's machine.
When the JavaScript file is run, a tiny iframe is created, which then attempts to download malicious software from another host website using up to 9 different browser exploits.
Thus the whole cycle starts again, continuing the spread of infection.
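As a defender's view of the requests described above, the following added example (not part of the original article) scans web server log lines for GET requests to ASP pages whose query string carries a long hex literal that decodes to T-SQL keywords. The log field order, the keyword list, the length threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# T-SQL keywords matching the behaviour described above (cursor walk, then update).
SQL_MARKERS = ("DECLARE", "CURSOR", "UPDATE", "EXEC", "VARCHAR")
# "0x" followed by at least 20 hex byte pairs; the length threshold is an assumption.
HEX_BLOB = re.compile(r"0x((?:[0-9a-f]{2}){20,})", re.IGNORECASE)


def inspect_query(query):
    """Return the sorted T-SQL markers found inside hex blobs in a query string."""
    hits = set()
    for match in HEX_BLOB.finditer(unquote_plus(query)):
        raw = bytes.fromhex(match.group(1))
        # Drop NUL bytes so text hex-encoded as UTF-16 still matches.
        text = raw.replace(b"\x00", b"").decode("latin-1").upper()
        hits.update(m for m in SQL_MARKERS if m in text)
    return sorted(hits)


def scan_log(lines, min_markers=2):
    """Yield (client_ip, uri_stem, markers) for suspicious GET requests to ASP pages."""
    for line in lines:
        fields = line.split()
        # Assumed layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
        if line.startswith("#") or len(fields) < 7:
            continue
        ip, method, stem, query = fields[2:6]
        if method != "GET" or not stem.lower().endswith(".asp"):
            continue
        markers = inspect_query(query)
        if len(markers) >= min_markers:
            yield ip, stem, markers


# Constructed sample data: documentation IP addresses and a harmless test string.
_TEST_SQL = b"DECLARE c CURSOR FOR SELECT 1 -- constructed test string"
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:00 192.0.2.10 GET /news.asp id=5 200",
    "2024-01-01 10:00:02 192.0.2.11 GET /news.asp sid=0x" + "ab" * 24 + " 200",
    "2024-01-01 10:00:05 192.0.2.77 GET /news.asp id=5;0x" + _TEST_SQL.hex() + " 200",
]

if __name__ == "__main__":
    for ip, stem, markers in scan_log(SAMPLE_LOG):
        print(f"{ip} {stem} hex-encoded T-SQL markers: {', '.join(markers)}")
```

Requiring at least two distinct keywords keeps long hex values that are not SQL, such as the session token in the second sample line, from being reported.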
What Can I Do?
We can offer you a specially designed package to protect your website against attacks by this notoriously difficult-to-clean Trojan. Our package can usually be installed onto your website and database very quickly, offering almost instant protection. We can also repair and rebuild your corrupt database, and have you back up and running in no time at all. Contact us now for a highly competitive quote. Website solutions to the AspRox Trojan start from £49.99