Sponsored by..

Saturday, 9 August 2008

Asprox: block and js.js

A shift in behaviour from the Asprox botnet - this time all traffic from infected sites is being redirected through a fixed IP at Blocking will probably do no harm.

Also, the name of the javascript file has changed to js.js, so look for this in your logs.

The Silent Noise blog is tracking Asprox domains too, with some interesting developments that we haven't had the chance to dig deeper into.

No comments: