Asprox botnet arrival prompts warning on Hybrid security attacks

IT security reseller Global Secure Systems (GSS) has warned companies to review their security protection following the arrival of the Asprox botnet on the scene.

"Asprox is more than just another piece of botnet malware as it's what we call a hybrid. It uses an SQL-injection attack tool that attacks legitimate Web sites, and so adding to the overall botnet swarm," said David Hobson, GSS' managing director.

According to Hobson, whilst botnets and SQL injection Web site attacks are nothing new, the fact that someone has developed a malware infection that combines the two darkware vectors highlights the growing ingenuity of the hacker community.

"The fact that hackers are going down this route is not due to altruism. Most botnets are perpetrated these days by criminal gangs who re after your company's money. And if they can't get your money, they'll use your computers, damaging your reputation in the process -it's a simple as that," he said.

Hobson went on to say that the rapid evolution of multi-vector darkware like Asprox means that companies should now look seriously at multi-vendor and/or multi-layered IT security protection.

"The days when forms could install a single security system on their IT resources are now long gone. Companies need to review their IT security system on a regular basis and talk to their reseller about enhancing their systems to deal with the latest threats," he explained.