http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspxA small botnet known as Asprox has been used in password stealing, spam, and phishing attacks. This week Asprox was modified to include a new SQL Injection tool. As recently shared, SQL injection attacks are more reflective of poorly programmed InternetenCommunityServer 2008.5 SP2 (Build: 40407.4157)http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1652601Fri, 31 Oct 2008 02:53:38 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1652601Applicure Technologies<p>Here is the correct download link:</p> <p><a rel="nofollow" target="_new" href="http://www.applicure.com/affiliates/idevaffiliate.php?id=504">www.applicure.com/.../idevaffiliate.php</a></p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1652601" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1651121Fri, 17 Oct 2008 09:13:15 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1651121Jerry Mollany<p>Our website was under attack with some kind of an injection.</p> <p>We tried to deal with it for 2 weeks with no success.</p> <p>We tested a few products and eventually, we found a tool name dotDefender that actually stop all those attacks and more of them that appeared in the log files.</p> <p>The main site where you can download dotdefender for 30 days is at: <a rel="nofollow" target="_new" href="http://www.applicure.com">http://www.applicure.com</a></p> <p>Jerry M.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1651121" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1650712Mon, 13 Oct 2008 16:59:43 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1650712Raviv Raz<p>More details on ASPROX, SQL Injections at:</p> <p><a rel="nofollow" target="_new" href="http://chaptersinwebsecurity.blogspot.com/2008/07/asprox-silent-defacement.html">chaptersinwebsecurity.blogspot.com/.../asprox-silent-defacement.html</a></p> <p>You can find download links for:</p> <p>- Injector: tests for ASPROX vulnerability on websites</p> <p>- dotDefender: protects web sites against ASPROX</p> <p>Raviv</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1650712" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1649394Wed, 01 Oct 2008 15:05:52 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1649394Kamal<p>Researching Asprox and Beanie seems to turn up everywhere, spammer....</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1649394" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1648329Thu, 18 Sep 2008 11:59:59 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1648329lo;<p>l;l</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1648329" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1642745Wed, 30 Jul 2008 22:25:24 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1642745Beanie<p>This virus took my site offline for 3 weeks and I had to seek an internet security company to fix my site.</p> <p>It cost me £50 but well worth it after the hastle I have had!!</p> <p>Hope this helps others:</p> <p><a rel="nofollow" target="_new" href="http://www.firestorm-online.com/trojans/asprox/">www.firestorm-online.com/.../asprox</a></p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1642745" width="1" height="1">http://msmvps.com/blogs/harrywaldron/archive/2008/05/16/asprox-botnet-installs-sql-injection-tool.aspx#1639236Thu, 03 Jul 2008 11:56:48 GMTd67277c4-116b-43f1-b688-e9ef184ea916:1639236Yossarian<p>We recently had a bunch of sites hit by the SQL injection. It is a nightmare. It looks like we had one vulnerable querystring that we had overlooked. It took 3 days to find it as well. As it is all automated even if your site gets hacked and you clean the data you either need to take the site completely down or monitor it 24/7 until the vulnerabilities are discovered.</p> <p>We found the attacks would be occur hourly in some cases. </p> <p>I guess it is a lesson learned to triple check every querystring &amp; sql statement.</p> <div style="clear:both;"></div><img src="http://msmvps.com/aggbug.aspx?PostID=1639236" width="1" height="1">