Net-Worm.Win32.Aspxor

Detect Date: 04/18/2016
Class: Net-Worm
Platform: Win32
Description

This malware family is related to the Asprox botnet. These worms can send spam, download and run programs specified by the cybercriminal, and collect the personal data of the user of an infected computer (such as saved passwords and email and FTP credentials).

Malware of this family is spread via spam. It may also propagate by searching for vulnerable websites built with ASP (Active Server Pages) and hosted on Microsoft IIS (Internet Information Server) servers. SQL injection is used to insert redirection code, in the form of an iframe object, into pages on these websites. When a user visits the hacked website, the inserted code redirects the user’s browser through a series of low-level domains containing malicious JavaScript code. At the end of this redirection chain, the browser opens a website containing an exploit tailored to a vulnerability in a particular browser or operating system. The exploit code causes the browser to automatically download a copy of the Net-Worm.Win32.Aspxor malware to the user’s computer.

Geographical distribution of attacks by the Net-Worm.Win32.Aspxor family

Geographical distribution of attacks during the period from 18 April 2015 to 18 April 2016

Top 10 countries with most attacked users (% of total attacks)

#    Country               % of users attacked worldwide*
1    USA                   35.19
2    Russian Federation    7.89
3    United Kingdom        5.55
4    Canada                3.39
5    India                 3.39
6    Australia             2.78
7    Turkey                2.78
8    Mexico                2.64
9    Vietnam               2.59
10   Japan                 2.12

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware