Asprox is a Javascript file that targets those websites that using Microsoft's ASP (Active Server Pages) software.

M86 Security has labeled the Asprox botnet with a 'high severity' tag. This means that it is especially severe and malicious, and therefore, can cause huge damage.

Rodel Mendrez, threat analyst, M86 Security, said in his blog post that Asprox had traditionally been used in sending spam, but now this new version is also carrying out SQL injection attacks and infecting websites on massive scale, as per the statement published by v3.co.uk on June 24, 2010.

The bots, once established, tries to establish contact with three domains having a .ru address. As per Mendrez, these are the control servers of Asprox which return spam templates, hunt for e-mail addresses as well as malware updates, and lists ASP websites to target.

The latest version of Asprox botnet also downloads an encrypted Extensible Markup Language (XML) file that provides information like Google search terms to discover more targets.

Mendrez said that the Asprox has returned to the scene with revenge, doing all those things that are typical of this botnet.

It is noteworthy that the botnet first hit the news headlines in 2008, after security vendor Finjan's press release displayed an attractive headline claiming that Asprox was being placed on government computers. However, media was not able to notice that the Asprox toolkit had in fact been prevailing around for a few years and it was only then the attacks, mostly targeting government servers, started rising.

It's not just Finjan that reported of Asprox botnet attacks in 2008. Another security firm SecureWorks reported in May 2008 that the Asprox botnet, which was originally used exclusively for launching phishing scams, is now used for SQL injection for targeting websites. It infected over 2,000 websites in just one day in 2008. The security firm claimed that it is used to make unwary netizens its victim while they are surfing, thus strengthening the Asprox bot family.