Click anywhere to stop


Detect Date 04/18/2016
Class Net-Worm
Platform Win32

This malware family is related to the Asprox botnet. These worms can send spam, download and run programs specified by the cybercriminal, and collect the personal data of the user of an infected computer (such as saved passwords and email and FTP credentials).

Malware of this family is spread via spam. It may also propagate by searching for vulnerable websites hosted with ASP (Active Server Pages) on Microsoft IIS (Internet Information Server) servers. SQL injection is used to insert redirection code into pages on these websites (in an iframe object). When a user visits the hacked website, the inserted code redirects the user’s browser to a series of low-level domains containing malicious JavaScript code. In the process of this redirection the browser ultimately opens a website containing an exploit tailored to a vulnerability in a particular browser or operating system. This code causes the browser to automatically download a copy of Net-Worm.Win32.Aspxor malware to the user’s computer.

Top 10 countries with most attacked users (% of total attacks)

Country % of users attacked worldwide*
1 USA 35.19
2 Russian Federation 7.89
3 United Kingdom 5.55
4 Canada 3.39
5 India 3.39
6 Australia 2.78
7 Turkey 2.78
8 Mexico 2.64
9 Vietnam 2.59
10 Japan 2.12

* Percentage among all unique Kaspersky users worldwide who were attacked by this malware

Find out the statistics of the threats spreading in your region