Asprox: 24aspx.com
The latest domain name used in the recent Asprox SQL Injection attacks appears to be 24aspx.com. Perhaps the Asprox guys are boasting a little with the domain name? Certainly these SQL injection attacks still seem to serve a useful purpose for them, although the number of vulnerable servers keeps dropping. Anyway, block this one or check your logs for it.
The email addressed used to register this domain is identical to the one used for the "Luksus Jobs" scam email. No big news here, the Asprox botnet is used for a wide variety of things, it's just odd to see druid00091@aol.com come up twice in such a short period.
It's also notable that they've switched back to .com from .ru, but this time registered through Chinese registrar BIZCN.COM.
Domain name: 24aspx.com
Registrant Contact:
City22 llc
Alex Williamos druid00091@aol.com
+1.8827721124 fax: +1.8827721124
321113 po box
New York NY 12131
us
Administrative Contact:
Alex Williamos druid00091@aol.com
+1.8827721124 fax: +1.8827721124
321113 po box
New York NY 12131
us
Technical Contact:
Alex Williamos druid00091@aol.com
+1.8827721124 fax: +1.8827721124
321113 po box
New York NY 12131
us
Billing Contact:
Alex Williamos druid00091@aol.com
+1.8827721124 fax: +1.8827721124
321113 po box
New York NY 12131
us
DNS:
ns1.24aspx.com
ns2.24aspx.com
ns3.24aspx.com
Created: 2008-09-06
Expires: 2009-09-06
Labels: Asprox, SQL Injection, Viruses
posted by Conrad Longmore at
09:39
1 Comments:
Hello,
my server 1an1 was infected by this virus and my site profadis.fr is blocked by kaspersky and antivir.
Many windows open and i'm very busy.
Someone can help-me? please.
Patricio
8 September 2008 15:47
Post a Comment
Subscribe to Post Comments [Atom]
<< Home